US Issues Russian SVR Warning

America has issued a cybersecurity advisory that urges organizations to patch vulnerabilities it says are being exploited by Russian Foreign Intelligence Service (SVR) actors.

The warning was jointly issued on April 15 by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), as the US announced new sanctions against Russia.

Titled "Russian SVR Targets US and Allied Networks," the advisory lists five publicly known vulnerabilities and calls for network defenders to act quickly to "prevent future loss of sensitive information."

The vulnerabilities the United States says are being exploited by SVR are CVE-2018-13379 Fortinet FortiGate VPN, CVE-2019-9670 Synacor Zimbra Collaboration Suite, CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN, CVE-2019-19781 Citrix Application Delivery Controller and Gateway, and CVE-2020-4006 VMware Workspace ONE Access.

"This advisory is being released alongside the US Government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign," stated the NSA.

"We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them."

The agency said that the SVR actors, also known as APT29Cozy Bear, and The Dukes, are exploiting the vulnerabilities in an effort to gain access by obtaining authentication credentials.

"Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors," warned the NSA. 

"In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA."

Commenting on the advisory, K2 Cyber Security co-founder and CTO Jayant Shukla said: "The easiest way to secure an organization is to keep software up to date and patched."

He added: "Unfortunately, patching often takes organizations a significant amount of time due to testing and compliance requirements, so the sooner they can start the process the better off they will be. 

"For those applications that can be protected during runtime with newer technologies like virtual patching, organizations should implement solutions to keep these vulnerabilities from being exploited."

What’s Hot on Infosecurity Magazine?