The hackers are described as APTs, though no specifics were given. They are exploiting VPN and Windows bugs for which patches have been available for months, and admins are urged to update the affected systems to avoid attacks.
Hackers Exploit VPN and Windows Bugs
CISA and the FBI are tracking possible cyberattacks against companies and government as the presidential elections near. To avoid a repeat of what happened in 2016, both intelligence agencies are now issuing advisories and PSAs regularly. As part of this, the FBI and CISA issued a joint alert on Friday. The alert warns about hacking activity against federal, state, local, tribal and territorial (SLTT) networks, and even non-government networks. CISA said it has recorded unauthorised access to election support systems, but has no evidence that their integrity was tampered with.

The attacks are the result of chaining bugs in a VPN and a Windows feature, both of which were already known to have these serious issues. The VPN bug is in the Fortinet FortiOS Secure Socket Layer (SSL) VPN. Tracked as CVE-2018-13379, it would let hackers upload malicious files and ultimately take over. The second is the recently reported Zerologon bug, tracked as CVE-2020-1472, which is known to be the most serious one recorded in Windows this year. It concerns a weak authentication protocol that lets a hacker take over the domain controller, which controls network access.

Chaining the two is apt because Zerologon is a second-stage attack that needs initial access to the network before it can take it over, and that is exactly what exploiting the Fortinet VPN provides. Patches for both have been available for months, so the FBI and CISA urge IT admins to apply them immediately.