Known Vulnerabilities Being Used Against Government, Private Companies

Threat Watch

Threat Watch Known Vulnerabilities Being Used Against Government, Private Companies

Known Vulnerabilities Being Used Against Government, Private Companies

Yesterday, US-CERT released an advisory on hackers affiliated with China’s Ministry of State Security (MSS) targeting government agencies and private companies through recent high-profile vulnerabilities with readily available open-source exploits. Some of the exploits include:

CVE-2020-5902 – F5 Big-IP Vulnerability
CVE-2019-19781 – Citrix Virtual Private Network (VPN) Appliances
CVE-2019-11510 – Pulse Secure VPN Servers
CVE-2020-0688 – Microsoft Exchange Server

After a successful exploitation, the attackers download a variety of tools such as Cobalt Strike, the China Chopper web shell and Mimikatz. With these tools, the attacker can run scripts or commands on the infected machines, modify or exfiltrate files and dump Windows credentials for further compromise.

ANALYST NOTES

The methods of compromise in this scenario are all leveraging publicly available exploits for vulnerabilities that have patches available. Binary Defense highly recommends patching all vulnerable appliances listed as soon as possible to prevent possible intrusions. Organizations should have a patch management plan in place to protect themselves from known vulnerabilities. More in-depth detail and links to each security advisory for the individual products can be found in the full advisory by US-CERT.

Source: https://us-cert.cisa.gov/ncas/alerts/aa20-258a

The war in Ukraine and its impact on how China views Taiwan

Digging through Rust to find Gold: Extracting Secrets from Rust Malware

5 Critical Criteria for evaluating Managed Detection & Response (MDR)

How Ransomware Capabilities Are Evolving and What You Can Do to Keep Your Organization Secure

Threat Watch