CISA: Federal civilian agency hacked by nation-state and criminal hacking groups

by admin
March 18, 2023
in Cyber News


A nation-state hacking group and a criminal gang best known for card skimming had access to a federal civilian agency from August to January 2023, according to a Wednesday joint alert released by the Cybersecurity and Infrastructure Security Agency, the FBI and the Multi-State Information Sharing and Analysis Center.

According to the alert, both the nation-backed hacking group and the criminal group dubbed XE Group exploited known vulnerabilities in Progress Telerik software located in the unnamed government agency’s Microsoft Internet Information Services (IIS) web server.

Google’s Threat Analysis Group, which was credited in the alert, notified CISA that the unnamed agency was targeted by Hafnium, the China-linked hacking group most recently known for the massive compromise of Microsoft’s Exchange Server, a spokesperson told CyberScoop. The March 2021 espionage campaign impacted tens of thousands of customers across the world, including several state governments.

The criminal XE Group had been attempting to infiltrate the agency since August 2021 using malicious DLL files masquerading as PNGs, according to the advisory. Cybersecurity firm Volexity said in a report from December 2021 that the “bread and butter” of XE Group is credit card skimming and noted that the gang is likely Vietnamese.

The vulnerability is well known, and while the bug did not make the list of the top 15 vulnerabilities exploited in 2021, it did get an honorable mention as a “routinely exploited” vulnerability. The bug was on the list of known-exploited vulnerabilities that CISA mandated federal agencies patch. Officials said the nation-state group has been exploiting the bug, which allows for remote code execution, since as early as August 2022.

CISA declined to comment further.

Updated March 16, 2023: This article has been updated to include attribution from Google’s Threat Analysis Center.


© 2022 Law Enforcement News Hubb All rights reserved.