AudioDigital HomeGamingHome CinemaMobile Computing

CISA says hackers had access to federal agency for months

An unnamed U.S. civilian executive branch has unintentionally been feeding intel to cybercriminals and state-sponsored threat actors for six months, a new report from the country’s law enforcement and intelligence agencies claims. 

Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), as well as other agencies, published a joint report claiming hackers have had unabated access to this organization’s systems from August 2022 to January 2023.

They accessed the target network using multiple vulnerabilities discovered in programs used by the agency built by Progress Telerik, a software development company from Bulgaria.

Praying Mantis and XE Group

The key vulnerability being used is CVE-2019-18835, a four-year-old flaw present in versions of Progress Telerik software since 2020. It can lead to remote code execution when chained with two other vulnerabilities: CVE-2017-11317 or CVE-2017-11357.

While the report does not name specific threat actors, The Record reported that Praying Mantis – a group allegedly based in China – is the threat actor most known for abusing this particular flaw. The same source adds that a threat actor known as XE Group was also observed using the flaw to run reconnaissance and scanning activities. 

CISA said that the flaw gave the attackers access to the agency’s Microsoft Internet Information Services (IIS) web server, which the organization used to store various material:

Read more

> Multiple US agencies could have been hacked due to Ivanti flaws

> Microsoft says it has identified over 40 victims of SolarWinds hack

> These are the best endpoint protection services at the moment

“This exploit, which results in interactive access with the web server, enabled the threat actors to successfully execute remote code on the vulnerable web server,” CISA said.

Older vulnerabilities are usually known and thus any malware using it gets picked up by antivirus programs. It turns out, though, that the vulnerable Progress Telerik tools were installed in places where the antivirus software did not scan.

“This may be the case for many software installations, as file paths widely vary depending on the organization and installation method,” CISA added.

Check out the best firewalls right now

You Might Also Like

The Samsung Galaxy S24 Ultra could be in line for a major display upgrade

Thrilled by The Night Agent? Watch these 7 spy shows while we wait for season 2

Google promises to unleash more of Bard’s potential in the ‘next week’

Google AirTags: why the incoming Apple rivals could take over the world

Share this Article
Previous Article Deliveroo reduces losses on cost-cutting
Next Article Stalactites and stalagmites in the battery? New research could lead to longer-lasting batteries
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Create an Amazing Newspaper
Discover thousands of options, easy to customize layouts, one-click to import demo and much more.

Latest News

The Samsung Galaxy S24 Ultra could be in line for a major display upgrade
Audio Digital Home Gaming Home Cinema Mobile Computing
Thrilled by The Night Agent? Watch these 7 spy shows while we wait for season 2
Audio Digital Home Gaming Home Cinema Mobile Computing
Google promises to unleash more of Bard’s potential in the ‘next week’
Audio Digital Home Gaming Home Cinema Mobile Computing
Google AirTags: why the incoming Apple rivals could take over the world
Audio Digital Home Gaming Home Cinema Mobile Computing
Register Lost your password?