CISA/FBI Alert: Threat Actors Targeting Organizations Using...

CISA/FBI Alert: Threat Actors Targeting Organizations Using Chained Exploits Including Zerologon (CVE-2020-1472)

Last week, the Cybersecurity Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory with the Federal Bureau of Investigation (FBI) regarding activity associated with Advanced Persistent Threat (APT) groups. According to the alert, identified as AA20-283A, the attackers are targeting unpatched vulnerabilities across a number of products including:

Pulse Connect Secure SSL VPN
Fortinet FortiOS SSL VPN
Citrix NetScaler
Juniper Junos OS
Palo Alto Networks PAN-OS
F5 BIG-IP
MobileIron

Most notable, however, is the increasing usage of “Zerologon,” a critical elevation of privilege vulnerability in Microsoft’s Netlogon identified as CVE-2020-1472.

According to CISA and the FBI, attackers are using vulnerability chaining or exploit chaining, gaining an initial foothold into their target environment via an unpatched vulnerability, and then elevating privileges using Zerologon.

For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

CISA/FBI Alert: Threat Actors Targeting Organizations Using...

Recent Discussions

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Americas

Europe

Asia / Australia