Russian Hackers Exploited Cisco, Microsoft, Oracle, VMware Vulnerabilities in Local Gov’t Attacks
Russia-backed hackers exploited vulnerabilities in Cisco, Microsoft, Oracle and VMware equipment in attacks against “dozens” of state, local, tribal, and territorial governments and aviation networks, CISA reports.
According to the Cybersecurity and Infrastructure Security Agency (CISA), Russia-backed hackers exploited vulnerabilities in Cisco, Microsoft, Oracle and VMware equipment in attacks against “dozens” of state, local, tribal, and territorial governments and aviation networks from September 2020 to at least December 2020.
In a recent advisory, CISA said Kremlin-sponsored advanced persistent threat (APT) hackers “successfully compromised networks and exfiltrated data from multiple victims” at the local government levels. It also said that from 2011 to 2018 Russian actors executed a “multi-stage intrusion campaign” in which they gained remote access to international energy sector networks.
Russian cyber operatives are believed to have been behind a number of high-profile cyber attacks on U.S. critical infrastructure and to have executed the SolarWinds operation and the Kaseya and JBS offensives. Russia-linked hackers are also suspected of repeated cyber forays targeting members of Parliaments, government officials, politicians, the press, schools and other entities in the European Union.
In the last few months, Aegis Defender Pro has seen an uptick in attacks from IP addresses belonging to Microsoft and Amazon AWS servers. These IP addresses are added to its syndicated Block List in real time as attacks happen, protecting all of its customers instantly from the same attackers.