Search
Close this search box.

Russian Hackers Exploit Multiple Flaws and Aim at Critical U.S. Infrastructures

Share:

American cybersecurity and intelligence agencies last week published a joint advisory on mitigating cyberattacks orchestrated by Russian-sponsored actors amid a perceived strengthening of Russia’s actions in this space. Here’s what brought on this unprecedented step, and why.


The report was a joint-publication between  the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National security Agency (NSA). It was the first such joint-report of its kind by these three extremely powerful agencies.

The report addressed the increase in spear-phishing, brute force attacks and exploitation of known vulnerabilities currently taking place in unprecedently high rates by Russian attackers: both individuals and state-backed entities.

Some effective flaws exploited by the Russian hacking groups in the last month include:

  • CVE-2018-13379 (FortiGate VPNs)
  • CVE-2019-1653 (Cisco router)
  • CVE-2019-2725 (Oracle WebLogic Server)
  • CVE-2019-7609 (Kibana)
  • CVE-2019-9670 (Zimbra software)
  • CVE-2019-10149 (Exim Simple Mail Transfer Protocol)
  • CVE-2019-11510 (Pulse Secure)
  • CVE-2019-19781 (Citrix)
  • CVE-2020-0688 (Microsoft Exchange)
  • CVE-2020-4006 (VMWare)
  • CVE-2020-5902 (F5 Big-IP)
  • CVE-2020-14882 (Oracle WebLogic)
  • CVE-2021-26855 (Microsoft Exchange, exploited frequently alongside CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)

In a joint statement, the agencies proclaimed that “Russian state-sponsored APT actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware”.

solarwinds

Among the recent objectives of Russian hacker groups include disruption to the U.S. energy sector, disruption of the Ukraine in the midst of sustained geopolitical tensions, and (as ever) the desire to extort and win financial gain.

Those groups backed by state-based interests have also had their eyes on operational technology (OT) and industrial control systems (ICS).

The report went on to say that “the actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments — including cloud environments — by using legitimate credentials.”

The agencies have recommended enforcing network segmentation, keeping operating systems, applications, and firmware up to date, mandating multi-factor authentication and staying vigilant for abnormal activity that indicate signs of lateral movements.

Some of the other best practices include the following, which are as applicable to companies and utilities all around the world as they are to American ones:

  • Strong passwords
  • Optimized spam filters
  • Disabling all unnecessary ports and protocol
  • Strong log collection and retention systems
  • Implementing configuration management programs
  • Having OT hardware in read-only mode

As geopolitical tensions over the Ukraine continued to rise, we expect to see an increase in activity by Russian-backed ands supportive threat actors.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.
Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions
Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →