The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that advanced persistent threat actors are exploiting legacy vulnerabilities in internet-facing infrastructure devices to gain access to networks of federal and state, local, tribal and territorial government agencies.
“The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application,” the joint advisory from CISA and FBI states.
APT actors also use a privilege escalation vulnerability to obtain access to servers, and open source tools to steal account credentials.
CISA and the bureau said the malicious cyber activity by these threat actors may pose some risk to elections data stored on government networks.
Organizations have been advised to have an “assume breach” mentality, patch systems and equipment, perform comprehensive account resets, update virtual private networks and devices, implement multifactor authentication and block public access to potentially vulnerable ports, among other measures.
CISA has recommended that network staff and administrators review internet-facing infrastructure for vulnerabilities that have been or could be exploited to similar effect.