Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise US and Allied Networks, according to a new NSA analysis

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory today titled “Russian SVR Targets U.S. and Allied Networks,” exposing continuing Russian Foreign Intelligence Service (SVR) abuse of five publicly identified vulnerabilities. This alert coincides with the official attribution of the SolarWinds supply chain breach and associated cyber espionage operation by the US government.

U.S. and allied networks are continuously scanned, manipulated, and abused by Russian state-sponsored cyber actors, so mitigation against these vulnerabilities is crucial.

In addition to breaching the SolarWinds Orion tech supply chain, recent SVR practices include using WellMess ransomware to attack COVID-19 testing facilities and using the VMware vulnerability revealed by the National Security Agency to threaten networks. The NSA described the VMware vulnerability in its Cybersecurity Advisory “Russian State-Sponsored Actors Exploiting Vulnerability of Workspace ONE Access Using Compromised Credentials.”

NSA encourages its customers to mitigate against the following publicly known vulnerabilities:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access