June 20, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed new cybersecurity incidents, shedding light on the tactics employed by the hackers.

In one incident, hackers potentially with government support, successfully breached two US federal agencies by exploiting vulnerabilities in outdated software. They used a flaw in the Progress Telerik user interface (UI) for ASP.NET AJAX and a .NET deserialization flaw in the Microsoft Internet Information Services (IIS) web server.

They also targeted another outdated vulnerability, CVE-2017-9248, in the Telerik UI for ASP.NET AJAX DialogHandler component. The hackers engaged in harmful activities like uploading malicious scripts, downloading and deleting sensitive files, and making unauthorized changes in the agency networks.

In another instance, VulnCheck researchers discovered malicious actors pretending to be security researchers and shared fake proof-of-concept exploits for zero-day vulnerabilities on GitHub and Twitter. They claimed these exploits exposed flaws in popular products like Signal, WhatsApp, Chrome, Exchange, and Discord. However, these exploits actually contained malware that targeted both Windows and Linux machines.

In a third instance, Kaspersky’s analysis of the dark web reveals that ransomware is the most common type of malware, making up 58% of all malware families from 2015 to 2022. Infostealers ranked second at 24%, while botnets, loaders, and backdoors accounted for the remaining 18%. The report also noted a rise in ransomware activities since 2021, while mentions of botnets, backdoors, and loaders decreased.

The sources for this piece include an article in TheRegister.