FBI, CISA: Russian hackers breached US government networks, exfiltrated data

  • The group, Energetic Bear, has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020.
  • Companies in the aviation industry were also targeted, CISA and FBI said.
  • Targeted devices included Citrix access gateways (CVE-2019-19781), Microsoft Exchange email servers (CVE-2020-0688), Exim mail agents (CVE-2019-10149), and Fortinet SSL VPNs (CVE-2018-13379).
  • To move laterally across compromised networks, CISA and the FBI said the Russian hackers used the Zerologon vulnerability in Windows Server (CVE-2020-1472) to access and steal Windows Active Directory (AD) credentials.
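The Zerologon step in the chain above leaves traces on a domain controller that defenders can look for. The following is an added example, not code from the article, CISA or the FBI: a small triage function that scans Windows event records for two indicators commonly associated with CVE-2020-1472 exploitation. The indicators are assumptions of this example rather than claims from the advisory: Netlogon event 5829 (a patched DC allowed a vulnerable Netlogon secure channel connection) and Security event 4742 (a computer account was changed) where the subject is ANONYMOUS LOGON and the target is a domain controller's machine account. The DC inventory, event records and field names are constructed for the demo.

```python
"""Flag Windows events consistent with Zerologon (CVE-2020-1472) use against a DC.

Assumed heuristics (example only, not from the CISA/FBI advisory):
  * Event ID 5829 (System log, source NETLOGON): the DC allowed a vulnerable
    Netlogon secure channel connection. Emitted by DCs patched since Aug 2020.
  * Event ID 4742 (Security log): a computer account was changed, with the
    subject ANONYMOUS LOGON and the target a DC machine account, i.e. a
    machine-account password change performed over an unauthenticated channel.
"""
from dataclasses import dataclass, field

# Constructed inventory of domain controller machine accounts (hypothetical names).
DC_ACCOUNTS = {"DC01$", "DC02$"}


@dataclass
class WinEvent:
    """Minimal shape of a parsed Windows event: id, logging host, named fields."""
    event_id: int
    computer: str
    fields: dict = field(default_factory=dict)


def zerologon_findings(events, dc_accounts=DC_ACCOUNTS):
    """Return a list of findings (dicts) for events matching the assumed heuristics."""
    findings = []
    for ev in events:
        if ev.event_id == 5829:
            # A patched DC reported that it still allowed a vulnerable Netlogon
            # connection; the SamAccountName is the account that negotiated it.
            findings.append({
                "rule": "netlogon-5829",
                "host": ev.computer,
                "account": ev.fields.get("SamAccountName", "?"),
                "client_ip": ev.fields.get("ClientIPAddress", "?"),
                "severity": "high",
            })
        elif ev.event_id == 4742:
            subject = ev.fields.get("SubjectUserName", "")
            target = ev.fields.get("TargetUserName", "")
            # An anonymous subject changing a DC's own machine account is the
            # pattern left by an unauthenticated Netlogon password reset.
            if subject.upper() == "ANONYMOUS LOGON" and target in dc_accounts:
                findings.append({
                    "rule": "dc-machine-account-4742-anonymous",
                    "host": ev.computer,
                    "account": target,
                    "severity": "high",
                })
    return findings


# Constructed sample events: one benign 4742, one 5829, one anonymous 4742, one noise event.
SAMPLE_EVENTS = [
    WinEvent(4742, "DC01", {"SubjectUserName": "admin.jdoe", "TargetUserName": "WS042$"}),
    WinEvent(5829, "DC01", {"SamAccountName": "DC01$", "ClientIPAddress": "10.0.5.23"}),
    WinEvent(4742, "DC01", {"SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "DC01$"}),
    WinEvent(4624, "DC01", {"TargetUserName": "svc_backup"}),
]


if __name__ == "__main__":
    for f in zerologon_findings(SAMPLE_EVENTS):
        print(f)
```

The benign 4742 (a named administrator changing a workstation account) is deliberately left out of the results; in production the DC inventory would come from the directory rather than a hard-coded set, and 5827/5828 (denied vulnerable connections) are worth collecting alongside 5829 to find unpatched clients before enforcement mode is turned on.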

– Catalin Cimpanu | October 22, 2020