An unnamed U.S. civilian executive branch agency inadvertently exposed information to cybercriminals and state-sponsored threat actors for six months, according to a new report from the country’s law enforcement and intelligence agencies.
Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other agencies released a joint report claiming that hackers had unabated access to this organization’s systems from August 2022 to January 2023.
They gained access to the target network through multiple vulnerabilities in programs the agency used that were built by Progress Telerik, a software development company from Bulgaria.
Praying Mantis and XE Group
The main vulnerability used is CVE-2019-18835, a four-year-old flaw that has been present in versions of Progress Telerik software since 2020. It could allow remote code execution when chained with one of two other vulnerabilities, CVE-2017-11317 or CVE-2017-11357.
While the report does not name any specific threat actors, The Record reported that Praying Mantis – a group reportedly based in China – is the threat actor best known for exploiting this particular flaw. The same source adds that a threat actor known as XE Group was also observed using the flaw to perform reconnaissance and scanning activities.
CISA said the flaw gave the attackers access to the agency’s Microsoft Internet Information Services (IIS) web server, which the organization used to store various materials:
“This exploit, which results in interactive access with the web server, enabled the attackers to successfully execute remote code on the vulnerable web server.”
Older vulnerabilities are usually well documented, which is why malware exploiting them is normally picked up by antivirus programs. In this case, however, the vulnerable Progress Telerik components turned out to be installed in locations that the antivirus software did not scan.
“This can be the case for many software installations, as file paths vary widely depending on organization and installation method,” CISA added.
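The scanning gap described above is a location problem, not a signature problem: the vulnerable assembly can sit in any directory the installer or an administrator chose. The following added example (not code from the advisory or from Progress Telerik) inventories a host by walking entire volumes for the Telerik assembly and reading its file version straight from the PE version resource, so the check does not depend on guessing install paths. It assumes the assembly is named Telerik.Web.UI.dll (the page does not name the file) and that the operator supplies the first fixed build number from the vendor advisory, which the page does not give.

```python
import os
import struct
from pathlib import Path

# Assumption: the article never names the file. Telerik.Web.UI.dll is the main
# assembly of Telerik UI for ASP.NET AJAX, so that is the file inventoried here.
TARGET_DLL = "telerik.web.ui.dll"
# Little-endian bytes of the VS_FIXEDFILEINFO signature 0xFEEF04BD that opens the
# fixed block of a PE file's version resource.
FIXEDFILEINFO_SIG = b"\xbd\x04\xef\xfe"


def file_version(data: bytes):
    """Return (major, minor, build, revision) from VS_FIXEDFILEINFO, or None."""
    idx = data.find(FIXEDFILEINFO_SIG)
    if idx < 0 or idx + 16 > len(data):
        return None
    # dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS (DWORD, LE)
    _sig, _struc, ms, ls = struct.unpack_from("<IIII", data, idx)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def classify(path: str, data: bytes, min_fixed: tuple) -> dict:
    """Flag an assembly whose version is unreadable or older than the fixed build."""
    ver = file_version(data)
    return {"path": path, "version": ver, "vulnerable": ver is None or ver < min_fixed}


def scan(roots, min_fixed: tuple) -> list:
    """Walk whole roots (not just default IIS paths) so odd install paths are covered."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == TARGET_DLL:
                    p = Path(dirpath) / name
                    findings.append(classify(str(p), p.read_bytes(), min_fixed))
    return findings


def make_sample_pe(version: tuple) -> bytes:
    """Constructed stand-in for a DLL: filler bytes around a minimal VS_FIXEDFILEINFO."""
    major, minor, build, rev = version
    fixed = struct.pack("<IIII", 0xFEEF04BD, 0x00010000,
                        (major << 16) | minor, (build << 16) | rev)
    return b"MZ" + b"\x00" * 62 + fixed + b"\x00" * 16


if __name__ == "__main__":
    # PLACEHOLDER threshold: the page gives no fixed build; use the vendor's number.
    print(classify("demo/Telerik.Web.UI.dll", make_sample_pe((2019, 3, 1023, 0)), (2020, 1, 0, 0)))
```

On a real host call `scan(["C:\\"], min_fixed)` (or every mounted volume) and feed the findings to your asset inventory; a `None` version is worth a manual look, since it means the file carries no readable version resource.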