APT Actors Chaining Vulnerabilities
NJCCIC Advisory
Original Release Date: 10/9/2020
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory regarding a recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability - CVE-2020-1472 - in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application.
This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.
This Joint Cybersecurity Advisory is being provided to assist agencies and organizations in the protection against cyber threats. The provided analysis is ongoing and the information provided should not be considered comprehensive. CISA will update this advisory as new information becomes available.
Reporting
We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form by clicking here.
Please do not hesitate to contact us at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts please visit cyber.nj.gov
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.