DHS / CISA: Cyber Security Alert
For your situational awareness. If you have any questions, please let me know. Thank you.
Chad Johnston
Protective Security Advisor-Arkansas, Region VI
Cybersecurity and Infrastructure Security Agency
501-414-1468 (Cell)
Chad.Johnston@cisa.dhs.gov
CISA has published CISA/FBI joint Alert AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity (TLP:WHITE) to the CISA/US-CERT website at the following URL: https://us-cert.cisa.gov/ncas/alerts/aa20-258a. AA20-258A details malicious cyber activity attributed to Chinese Ministry of State Security-affiliated threat actors and provides recommended mitigation actions.
The Alert provides information on the exploitation of known vulnerabilities, including
- F5 Big-IP Vulnerability CVE-2020-5902 (CVSS v3 9.8)
- Citrix VPN Appliances CVE-2019-19781 (CVSS v3 9.8)
- Pulse Secure VPN Servers CVE-2019-11510 (CVSS v3 10)
- Microsoft Exchange Server CVE-2020-0688 (CVSS v3 8.8)
CISA recommends the following resources for additional information
- AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 (TLP:WHITE) https://us-cert.cisa.gov/ncas/alerts/aa20-206a
- AA20-031A: Detecting Citrix CVE-2019-19781 (TLP:WHITE) https://us-cert.cisa.gov/ncas/alerts/aa20-031a
- AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching (TLP:WHITE) https://us-cert.cisa.gov/ncas/alerts/aa20-107a
- CISA Chinese Malicious Cyber Activity page
V/r,
Dr. Megan Ferguson
U.S. Department of Homeland Security
Northrup Grumman in support of
CISA | IOD | CISA Central (Contractor)