Serviceteam IT Security News

US Issues Russian SVR Warning

America has issued a cybersecurity advisory that urges organizations to patch vulnerabilities it says are being exploited by Russian Foreign Intelligence Service (SVR) actors.

The warning was jointly issued on April 15 by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), as the US announced new sanctions against Russia.

Titled "Russian SVR Targets US and Allied Networks," the advisory lists five publicly known vulnerabilities and calls for network defenders to act quickly to "prevent future loss of sensitive information."

The vulnerabilities the United States says are being exploited by SVR are CVE-2018-13379 (Fortinet FortiGate VPN), CVE-2019-9670 (Synacor Zimbra Collaboration Suite), CVE-2019-11510 (Pulse Secure Pulse Connect Secure VPN), CVE-2019-19781 (Citrix Application Delivery Controller and Gateway), and CVE-2020-4006 (VMware Workspace ONE Access).

"This advisory is being released alongside the US Government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign," stated the NSA.

"We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them."

The agency said that the SVR actors, also known as APT29, Cozy Bear, and The Dukes, are exploiting the vulnerabilities in an effort to gain access by obtaining authentication credentials.

"Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors," warned the NSA. 

"In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA."

Commenting on the advisory, K2 Cyber Security co-founder and CTO Jayant Shukla said: "The easiest way to secure an organization is to keep software up to date and patched."

He added: "Unfortunately, patching often takes organizations a significant amount of time due to testing and compliance requirements, so the sooner they can start the process the better off they will be. 

"For those applications that can be protected during runtime with newer technologies like virtual patching, organizations should implement solutions to keep these vulnerabilities from being exploited."

Source: Infosecurity Magazine
