Comment: Hacker Groups Chain VPN And Windows Bugs To Attack US Government Networks

It has been reported that hackers have gained access to US government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert recently published. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been detected, the two agencies said. “CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised,” the security alert reads.

Full story here:

Hugo van den Toorn, Manager, Offensive Security,  Outpost24
October 14, 2020
Once an initial foothold is gained by adversaries, they want to try and elevate their privileges as quickly as possible.
This is typical behavior when new vulnerabilities and public exploits surface, underlining the importance of proper asset & vulnerability management and patch management. You can safely assume whenever a new vulnerability becomes publicly known, that a race starts to whomever can find a stable exploit and potentially chain it in further attacks. This goes for both the information security communit ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article