CISA Warns Foreign Threat Actors Are Targeting Unpatched Vulnerabilities

The Cybersecurity Infrastructure Agency (CISA) published two alerts this week detailing the activity of foreign threat actors from China and Iran.  

The alerts, identified as AA20-258A and AA20-259A, provide insight into the methods employed by these foreign threat actors to breach government and U.S. based organizations. In both instances, the threat actors are leveraging unpatched vulnerabilities that have publicly available proof of concept (PoC) code and exploit scripts to breach. The vulnerabilities they target range from flaws in SSL VPN solutions, email servers and networking devices. 

These alerts from CISA bear similarity to a report published by the Australian Cyber Security Centre (ACSC) in June called “Copy-Paste Compromises.” The ACSC report details how foreign threat actors have targeted governments and businesses in Australia by leveraging PoC code and exploit scripts that they could “copy-paste” from public sources.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.