CISA Alert: APT Actors Chaining Vulnerabilities against Government Organizations and Critical Infrastructure

Created: Tuesday, October 13, 2020 - 09:51
Categories: Cybersecurity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an alert on recently observed activity involving an advanced persistent threat actor exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability, CVE-2020-1472, in Windows Netlogon. CISA explains that this is a commonly used tactic, known as “vulnerability chaining,” in which multiple vulnerabilities are exploited in the course of a single intrusion to compromise a network or application. The alert identifies some of the other vulnerabilities that have been exploited in combination with CVE-2020-1472 and provides other technical details for understanding this activity. CISA recommends that network staff and administrators review internet-facing infrastructure for these and similar vulnerabilities that have been or could be exploited to similar effect. The full title of this alert is “APT Actors Chaining Vulnerabilities against SLTT, Critical Infrastructure, and Elections Organizations.” SLTT refers to state, local, tribal, and territorial government networks. CISA adds that the analysis for this alert is ongoing and that it will provide updates as new information becomes available. Read the alert at CISA.