
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks

Description

CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a [Joint Cybersecurity Advisory (CSA)](<https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF>) on Russian Foreign Intelligence Service (SVR) actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security and government-related systems. Specifically, SVR actors are targeting and exploiting the following vulnerabilities:

* [CVE-2018-13379 Fortinet FortiGate VPN](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>)
* [CVE-2019-9670 Synacor Zimbra Collaboration Suite](<https://nvd.nist.gov/vuln/detail/CVE-2019-9670>)
* [CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>)
* [CVE-2019-19781 Citrix Application Delivery Controller and Gateway](<https://nvd.nist.gov/vuln/detail/CVE-2019-19781>)
* [CVE-2020-4006 VMware Workspace ONE Access](<https://nvd.nist.gov/vuln/detail/CVE-2020-4006>)

Additionally, the White House has released a [statement](<https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/>) formally attributing this activity and the SolarWinds supply chain compromise to SVR actors.
CISA has updated the following products to reflect this attribution:

* [Alert AA20-352A: APT Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations](<https://us-cert.cisa.gov/ncas/alerts/aa20-352a>)
* [Alert AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments](<https://us-cert.cisa.gov/ncas/alerts/aa21-008a>)
* [Alert AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool](<https://us-cert.cisa.gov/ncas/alerts/aa21-077a>)
* [Malware Analysis Report AR21-039A: MAR-10318845-1.v1 - SUNBURST](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039a>)
* [Malware Analysis Report AR21-039B: MAR-10320115-1.v1 - TEARDROP](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039b>)
* Table: SolarWinds and Active Directory/M365 Compromise - Detecting APT Activity from Known TTPs
* [Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise web page](<https://us-cert.cisa.gov/remediating-apt-compromised-networks>)
* [Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise](<https://cyber.dhs.gov/ed/21-01/>)

CISA strongly encourages users and administrators to review [Joint CSA: Russian SVR Targets U.S. and Allied Networks](<https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/>) for SVR tactics, techniques, and procedures, as well as mitigation strategies.

