The National Security Agency (NSA) has released an alert warning that five vulnerabilities are being actively targeted by nation-state actors. The bugs affect VPN solutions, collaboration-suite software, and virtualization technologies in widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor, and VMware. According to the NSA, the goal of the hacking campaign is to steal credentials. The NSA has pinpointed APT29, also known as Cozy Bear, as the culprits behind the exploits.
The NSA stated that the campaign seeks to exploit the vulnerable systems to obtain authentication credentials, then moving to establish further access to the targeted organizations’ systems. The targets include both US and allied national security and government networks. All of the bugs identified as exploits in the campaign have been patched, and the NSA advises that any organizations utilizing the identified tools from Citrix, Fortinet, Synacor, Pulse Secure, and VMware should implement the patches immediately. APT29 has previously been linked to Russia’s Foreign Intelligence Services (SVR).
Read More: NSA: 5 Security Bugs Under Active Nation-State Cyberattack