Threat Watch

Share on facebook
Share on twitter
Share on linkedin

Known Vulnerabilities Being Used Against Government, Private Companies

Yesterday, US-CERT released an advisory on hackers affiliated with China’s Ministry of State Security (MSS) targeting government agencies and private companies through recent high-profile vulnerabilities with readily available open-source exploits. Some of the exploits include:

  • CVE-2020-5902   – F5 Big-IP Vulnerability
  • CVE-2019-19781 – Citrix Virtual Private Network (VPN) Appliances
  • CVE-2019-11510 – Pulse Secure VPN Servers
  • CVE-2020-0688   – Microsoft Exchange Server

After a successful exploitation, the attackers download a variety of tools such as Cobalt Strike, the China Chopper web shell and Mimikatz. With these tools, the attacker can run scripts or commands on the infected machines, modify or exfiltrate files and dump Windows credentials for further compromise.

ANALYST NOTES

The methods of compromise in this scenario are all leveraging publicly available exploits for vulnerabilities that have patches available. Binary Defense highly recommends patching all vulnerable appliances listed as soon as possible to prevent possible intrusions. Organizations should have a patch management plan in place to protect themselves from known vulnerabilities. More in-depth detail and links to each security advisory for the individual products can be found in the full advisory by US-CERT. Source: https://us-cert.cisa.gov/ncas/alerts/aa20-258a

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.