DHS / CISA: Cyber Security Alert

For your situational awareness.  If you have any questions, please let me know.  Thank you.

 

Chad Johnston
Protective Security Advisor-Arkansas, Region VI
Cybersecurity and Infrastructure Security Agency
501-414-1468 (Cell)
Chad.Johnston@cisa.dhs.gov

 

CISA has published CISA/FBI joint Alert AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity (TLP:WHITE) to the CISA/US-CERT website at the following URL: https://us-cert.cisa.gov/ncas/alerts/aa20-258a. AA20-258A details malicious cyber activity attributed to Chinese Ministry of State Security-affiliated threat actors and provides recommended mitigation actions.

 

The Alert provides information on the exploitation of known vulnerabilities, including

• F5 Big-IP Vulnerability CVE-2020-5902 (CVSS v3 9.8)
• Citrix VPN Appliances CVE-2019-19781 (CVSS v3 9.8)
• Pulse Secure VPN Servers CVE-2019-11510 (CVSS v3 10)
• Microsoft Exchange Server CVE-2020-0688 (CVSS v3 8.8)

 

CISA recommends the following resources for additional information

• AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 (TLP:WHITE) https://us-cert.cisa.gov/ncas/alerts/aa20-206a
• AA20-031A: Detecting Citrix CVE-2019-19781 (TLP:WHITE) https://us-cert.cisa.gov/ncas/alerts/aa20-031a
• AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching (TLP:WHITE) https://us-cert.cisa.gov/ncas/alerts/aa20-107a
• CISA Chinese Malicious Cyber Activity page

 

V/r,

Dr. Megan Ferguson
U.S. Department of Homeland Security
Northrup Grumman in support of
CISA | IOD | CISA Central (Contractor)