Agencies issue advisory on latest Russian cyber tactics

Apr 23, 2021 - 01:25 PM
Cybersecurity Lock on Gold Wall

The Russian Foreign Intelligence Service (SVR) continues to exploit five publicly known cyber vulnerabilities, the National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI said in a joint advisory last week. 

“In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA,” the advisory states. 

At a briefing yesterday, the government also expressed concerns about vulnerabilities in the Pulse Connect Secure virtual private network, including one recent vulnerability for which a patch will be issued in May. Meanwhile, Pulse Connect has released a tool (https://kb.pulsesecure.net/pkb_mobile#article/l:en_US/KB44755/s) to help customers check the integrity of their product installations. 

John Riggi, AHA senior advisor for cybersecurity and risk, said, “In an ongoing pattern since 2019, it appears the SVR and other hostile nation-states are continuing to target VPN infrastructure and collaboration platforms — which are ubiquitous and critical for information flow and business continuity, especially in the age of the COVID remote-work environment. Our adversaries have adopted a multi-prong cyber espionage strategy that focuses on not only stealing data while at rest in databases but also intercepting it while in transit between databases, organizations and remote users. With expanded remote access to networks, comes an expanded attack surface. Implementing the recommended patches as soon as possible will help reduce that risk.”   

For more information on this or other risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
ASPR releases cybersecurity module to conduct risk assessments 
The Administration for Strategic Preparedness and Response has released a new cybersecurity module for organizations to conduct risk assessments. The free…
Perspective
Staying Cyber Alert and Cyber Ready
Public
As the world has learned in recent years, today’s conflicts are fought with many weapons, and cyber warfare is an integral part of the arsenal.As of this…
Headline
FBI reminds of potentially malicious activity by Iranian cyber actors
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated…
Headline
CISA report updates findings on RESURGE malware attacks
The Cybersecurity and Infrastructure Security Agency Feb. 26 released a report that updates findings from last year on RESURGE malware used to gain covert…
Headline
Agencies issue guidance on exploitation of Cisco systems by cyber actors 
U.S. and international agencies Feb. 25 released guidance on protecting Cisco Software-defined Wide-area Networking systems from exploitation by malicious…
Headline
NSA issues guidelines on zero trust architecture
The National Security Agency has released two phases of its Zero Trust Implementation Guidelines for organizations to improve their zero trust architecture.…