The U.S. Sanctions Russia Over Cyber Attacks

Posted on by Dawna M. Roberts in News April 30, 2021
https://content.infopay.net/storage/thumbnails/vfTQiY8M0GaxskSF7yZJiGJO79JxT6hvj2AyDcrR.jpg

 After the SolarWinds supply chain attack, there was a lot of speculation about those responsible. This week, the U.S. government and Biden administration formally sanctioned Russia, citing the SolarWinds attack and its involvement in disruptive tactics related to the 2020 election campaign.

What the Russian Government Has Been Involved In

Although the Russian Ministry of Foreign Affairs publicly denied on Thursday that they had any involvement in the SolarWinds attack or any disruption of the election campaign, U.S. security experts are confident that they are dropping blame on the right doorstep.

Earlier on Thursday, the FBI, NSA, and Cybersecurity and Infrastructure Security Agency (CISA) announced that they are tracking five known vulnerabilities that Russian Intelligence is using to exploit targets. On the heels of this announcement, President Biden formally sanctioned Russia and noted five Russian technology/security companies urging other governments and companies to steer clear of these perpetrators.

The five vulnerabilities are explained by Data Breach Today:

  • CVE-2018-13379:  This vulnerability affects the Fortinet FortiOS operating system 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, which is used in the company’s Secure Sockets Layer (SSL) Virtual VPN web portal. If exploited, it could allow an unauthenticated attacker to download system files via a specially crafted HTTP resource request.
  •  CVE-2019-9670:  This flaw affects the Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. If exploited, it could allow an attacker to use an XML External Entity (XXE) injection.
  •  CVE-2019-11510:  Exploits of this vulnerability in Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 could allow a remote attacker to send a specially crafted Uniform Resource Identifier to perform an arbitrary file read.
  •  CVE-2019-19781:  This vulnerability affects Citrix ADC and Gateway versions before 13.0.47.24, 12.1.55.18, 12.0.63.13, 11.1.63.15 and 10.5.70.12 and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions before 10.2.6b and 11.0.3b. If exploited, it could allow for directory traversal.
  •  CVE-2020-4006:  This vulnerability in VMware One Access 20.01 and 20.10 on Linux, VMware Identity Manager 3.3.1-3.3.3 on Linux, VMware Identity Manager Connector 3.3.1-3.3.3 and 19.03, VMware Cloud Foundation 4.0-4.1, and VMware vRealize Suite Lifecycle Manager 8.x could be exploited for command injection vulnerability.”

U.S. Government Sanctions

Biden hurled multiple economic sanctions at Vladimir Putin’s government last week and, according to Data Breach Today, is also

“sanctioning more than 30 Russian companies and individuals accused of supplying tools, infrastructure, and technologies for various cyber operations or participating in the election-related disinformation campaign.”

Along with the sanctions, Biden is expelling 10 Russian diplomats from the country.

Data Breach Today warns that “In addition, the  Treasury Department  will now prohibit U.S. financial institutions from participating in the primary market for ruble or non-ruble denominated bonds issued after June 14 by a number of Russian agencies, including the nation’s Central Bank, National Wealth Fund and Ministry of Finance.”

The Biden administration took these steps to “address the Russian government’s efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the United States and its allies and partners; [and] to engage in and facilitate malicious cyber-enabled activities against the United States and its allies and partners.”

In their public notice, a senior White House official said, “Those efforts should serve as a warning about the risks of using information and communications technology and services supplied by companies that operate or store user data in Russia or rely on software development or remote technical support by personnel in Russia. The U.S. government strongly encourages all U.S. companies using communications or technologies supplied by companies with ties to Russia to evaluate the security of their infrastructure and be aware of the potential for future U.S. action that may affect their operation.”

Check Your Records For Breaches, Leaks, & Exposures

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

FREE IDENTITY THREAT SCAN
Scan Your Records for Breaches, Leaks & Exposures!