Feds caution: Russia-linked threat groups exploit known CVEs against critical infrastructure

September 7, 2024


TLDR:

  • Threat groups linked to Russia’s military intelligence service are targeting critical infrastructure in various sectors.
  • The attackers have defaced websites, scanned infrastructure, and leaked stolen data.

Summary:

Federal authorities in the U.S. and nine other countries have issued a joint warning about threat groups affiliated with Russia's military intelligence service targeting critical infrastructure and key sectors, including government services, financial services, transportation systems, energy, and healthcare. The attackers have scanned domains and infrastructure, defaced websites, and exfiltrated and leaked stolen data. Their primary focus appears to be disrupting international aid to Ukraine since Russia's invasion in February 2022.

These Russia-linked threat groups are actively seeking out and exploiting known, already-published vulnerabilities that the U.S. government has advised organizations to patch. They have been observed exploiting flaws in products such as Atlassian Confluence Server, Dahua IP cameras, and Sophos Firewalls, all of which are commonly exposed directly to the internet. Cyber authorities note that the attackers route their activity through VPNs to anonymize it and concentrate on weaknesses in internet-facing systems, so an accurate inventory of externally reachable assets and their patch state is the first check a defender should make.

The group's activities are an extension of previous malware campaigns against Ukrainian organizations, with a sharp increase in reconnaissance using scanning tools to identify vulnerable hosts. The detailed advisory outlines the exploitation tactics in use, including exploit scripts obtained from public GitHub repositories. Alongside confirmed exploitation of critical vulnerabilities, authorities have also observed cases where the actors obtained exploit scripts but had not yet used them.

Overall, the situation highlights the ongoing threat posed by Russia-linked cyber actors and the critical need for organizations to maintain robust cybersecurity measures, patch known vulnerabilities, and remain vigilant against potential attacks targeting sensitive infrastructure.
