Agencies issue advisory on latest Russian cyber tactics

Apr 23, 2021 - 01:25 PM
Cybersecurity Lock on Gold Wall

The Russian Foreign Intelligence Service (SVR) continues to exploit five publicly known cyber vulnerabilities, the National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI said in a joint advisory last week. 

“In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA,” the advisory states. 

At a briefing yesterday, the government also expressed concerns about vulnerabilities in the Pulse Connect Secure virtual private network, including one recent vulnerability for which a patch will be issued in May. Meanwhile, Pulse Connect has released a tool (https://kb.pulsesecure.net/pkb_mobile#article/l:en_US/KB44755/s) to help customers check the integrity of their product installations. 

John Riggi, AHA senior advisor for cybersecurity and risk, said, “In an ongoing pattern since 2019, it appears the SVR and other hostile nation-states are continuing to target VPN infrastructure and collaboration platforms — which are ubiquitous and critical for information flow and business continuity, especially in the age of the COVID remote-work environment. Our adversaries have adopted a multi-prong cyber espionage strategy that focuses on not only stealing data while at rest in databases but also intercepting it while in transit between databases, organizations and remote users. With expanded remote access to networks, comes an expanded attack surface. Implementing the recommended patches as soon as possible will help reduce that risk.”   

For more information on this or other risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
AHA podcast: Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Larry Pierce, director of cybersecurity and information security officer for Atlantic Health, unpacks how the growth of artificial intelligence is reshaping…
Headline
Agencies issue guidance on secure connectivity for operational technology
U.S. and international agencies Jan. 14 released guidance on secure connectivity for operational technology environments. Examples of OT environments in health…
Headline
AHA expresses support for bill improving cybersecurity workforce in rural hospitals
The AHA Jan. 14 expressed support for the Rural Hospital Cybersecurity Enhancement Act (S. 2169), legislation that would direct the Department of Health and…
Headline
FBI warns of attacks by North Korean cyber threat group using malicious QR codes
The FBI Jan. 8 released an alert on evolving threat tactics by Kimsuky, a North Korean state-sponsored cyber threat group. As of last year, the group…
Headline
CISA issues update on voluntary cybersecurity performance goals 
The Cybersecurity and Infrastructure Security Agency Dec. 11 released an update to its voluntary Cybersecurity Performance Goals, which includes measurable…
Headline
Agencies warn of state-sponsored cyberattacks from Russia, China
U.S. and international agencies are warning of potential cyberattacks on health care and other critical infrastructure from state-sponsored cyber actors in…