
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.
Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA. This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials.”
NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. NSA, CISA, and FBI also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.
NSA encourages its customers to mitigate against the following publicly known vulnerabilities:
- CVE-2018-13379 Fortinet FortiGate VPN
- CVE-2019-9670 Synacor Zimbra Collaboration Suite
- CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
- CVE-2019-19781 Citrix Application Delivery Controller and Gateway
- CVE-2020-4006 VMware Workspace ONE Access
For more information, review the advisory or visit NSA.gov/cybersecurity-guidance.
View the infographic on understanding the threat and how to take action.
Fachartikel

ETH-Forschende entdecken neue Sicherheitslücke in Intel-Prozessoren

Sicherheitskontrollen im Wandel: Warum kontinuierliche Optimierung zur proaktiven Abwehr und einem stabilen Sicherheitsmanagement gehört

Massives Datenleck: 200 Milliarden Dateien in Cloud-Speichern öffentlich zugänglich

Windows 10: Mai-Update führt zu BitLocker-Wiederherstellungsschleife

Advanced NPM Supply-Chain Attack kombiniert Unicode-Steganografie mit Google Kalender als C2-Kanal
Studien

Princeton-Forscher warnen vor fatalen KI-Angriffen im Web3-Umfeld

Führungskräfte ohne KI-Wissen? Gartner-Umfrage offenbart Sorgen der CEOs

Schweigen über KI-Erfolge: Was eine neue Ivanti-Studie offenbart

IBM treibt den Einsatz generativer KI in Unternehmen mit hybrider Technologie voran

Weltweite Umfrage: Mehrheit der Technologieverantwortlichen spricht sich für Robotik im Arbeitsumfeld aus
Whitepaper

TeleTrusT legt aktualisiertes Positionspapier „Cyber-Nation“ vor

Sechs entscheidende Tipps für den erfolgreichen Einsatz von cIAM-Lösungen

Wie die Datenverwaltung Wachstum und Compliance fördert

Group-IB präsentiert die zehn gefährlichsten Cybergruppen 2025

Cyberkriminelle nehmen 2025 verstärkt das Gesundheitswesen ins Visier
Hamsterrad-Rebell

Insider – die verdrängte Gefahr

Sicherer SAP-Entwicklungsprozess: Onapsis Control schützt vor Risiken

Das CTEM-Framework navigieren: Warum klassisches Schwachstellenmanagement nicht mehr ausreicht

Cybersicherheit im Mittelstand: Kostenfreie Hilfe für Unternehmen
