Two Hacking Groups Gain Access to Federal Agency Server
The Cybersecurity and Infrastructure Security Agency revealed that two hacking groups, including Vietnam-based criminal organization XE Group, obtained access to the Microsoft Internet Information Services server of at least one federal agency where they executed unauthorized code.
According to a joint cybersecurity advisory from CISA, the FBI and the Multi-State Information Sharing and Analysis Center, the hackers exploited a vulnerability in past versions of the software developer kit Telerik UI to access the server, FCW reported.
A CISA investigation found that the agency employs a vulnerability scanner, but the scanner failed to detect the flaw because the software was installed in a file path not usually covered by the monitoring process. The advisory noted that permission restraints prevented the hackers from gaining privileged access and moving laterally within the network.
Threat actors have used the vulnerability to install malware on target systems since August 2021. To prevent similar cyber incidents in the future, users are advised to implement a patch management solution, validate the output from patch management and vulnerability scanning, and limit service accounts to the minimum permissions necessary to run services.
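One way to validate scanner output against the gap described above is to inventory where a component is actually installed and compare that with the directories the scanner is configured to check. The following is an added example, not code from the advisory or from any vendor; the function names, the directory layout and the file name `Vendor.Component.dll` are constructed placeholders.

```python
import fnmatch
import os
import tempfile
from pathlib import Path


def find_component(roots, pattern):
    """Walk every root and return files whose name matches pattern, ignoring case."""
    hits = []
    for root in roots:
        # onerror: skip unreadable directories instead of aborting the inventory
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                    hits.append(Path(dirpath, name).resolve())
    return sorted(hits)


def is_covered(path, scan_paths):
    """True if path lies under a directory the scanner is configured to check."""
    for scan_path in scan_paths:
        try:
            # Component-wise comparison: "wwwroot-old" is not under "wwwroot"
            Path(path).resolve().relative_to(Path(scan_path).resolve())
            return True
        except ValueError:
            continue
    return False


def coverage_gaps(roots, scan_paths, pattern):
    """Installed copies of the component that the scanner never looks at."""
    return [p for p in find_component(roots, pattern) if not is_covered(p, scan_paths)]


if __name__ == "__main__":
    # Constructed layout: one copy in the scanned web root, one installed elsewhere
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for sub in ("inetpub/wwwroot/bin", "apps/legacy/bin"):
            (base / sub).mkdir(parents=True)
            (base / sub / "Vendor.Component.dll").write_bytes(b"")
        for gap in coverage_gaps([base], [base / "inetpub/wwwroot"], "vendor.component.dll"):
            print("not covered by scanner:", gap)
```

Any path this reports is a copy the scanner would not assess, so it needs to be added to the scan scope or checked by hand.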