Evaluate the Vulnerabilities Relating to National Critical Infrastructure Sectors

An official website of the United States government. Here’s how you know

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search

FBI

More

• Most Wanted
• News
• What We Investigate
• Services
• Resources
• Submit a Tip
• About
• Contact Us

1. 
   

• News
• Press Releases
• Press Releases

• 
  

• 
  

• 
  

• 
  

• 
  

• 
  

• 
  

• Search FBI

FBIFederal Bureau of Investigation

Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

News

• Stories
• Videos
• Press Releases
• Speeches
• Testimony
• Podcasts
• Photos
• Apps

Washington, D.C.

FBI National Press Office

(202) 324-3691

Share on Twitter Twitter
Share on Facebook Facebook
Email Email

April 15, 2021

Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.  

Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA. This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials.”

NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. NSA, CISA, and FBI also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.

NSA encourages its customers to mitigate against the following publicly known vulnerabilities:

• CVE-2018-13379 Fortinet FortiGate VPN
• CVE-2019-9670 Synacor Zimbra Collaboration Suite
• CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
• CVE-2019-19781 Citrix Application Delivery Controller and Gateway
• CVE-2020-4006 VMware Workspace ONE Access

For more information, review the advisory or visit NSA.gov/cybersecurity-guidance.

View the infographic on understanding the threat and how to take action.

• Most Wanted
• Ten Most Wanted
• Fugitives
• Terrorism
• Kidnappings / Missing Persons
• Seeking Information
• Bank Robbers
• ECAP
• ViCAP
• About
• Mission & Priorities
• Leadership & Structure
• Partnerships
• Community Outreach
• FAQs

• News
• Stories
• Videos
• Press Release
• Speeches
• Testimony
• Podcasts and Radio
• Photos
• Español
• Apps
• Resources
• Law Enforcement
• Businesses
• Victim Assistance
• Reports & Publications

• What We Investigate
• Terrorism
• Counterintelligence
• Cyber Crime
• Public Corruption
• Civil Rights
• Organized Crime
• White-Collar Crime
• Violent Crime
• WMD
• Contact Us
• Field Offices
• FBI Headquarters
• Overseas Offices

• Services
• CJIS
• CIRG
• Laboratory Services
• Training Academy
• Operational Technology
• Information Management
• FBI Jobs
• Submit a Tip
• Crime Statistics
• History
• FOIPA
• Scams & Safety
• FBI Kids
• FBI Tour

• Additional Resources
• Accessibility
• eRulemaking
• Freedom of Information / Privacy Act
• Legal Notices
• Legal Policies & Disclaimers
• Privacy Policy
• USA.gov
• White House
• No FEAR Act
• Equal Opportunity

fbi

federal bureau of investigation

• 
  
• 
  
• 
  
• 
  
• 
  
• 
  

FBI.gov Contact Center

Email updates

• • Accessibility
  • eRulemaking
  • Freedom of Information / Privacy Act
  • Legal Notices
  • Legal Policies & Disclaimers
• • Privacy Policy
  • USA.gov
  • White House
  • No FEAR Act
  • Equal Opportunity

FBI.gov is an official site of the U.S. Department of Justice
©

Search FBI

• Home
• Most Wanted
• News
• What We Investigate
• Services
• Resources
• Submit a Tip
• About
• Contact Us
• Crime Statistics
• Photos
• Video
• Outreach
• History
• FOIA
• Scams & Safety
• FBI Kids
• FBI Jobs

emailStay Connected
Get FBI email alerts

Subscribe
No Thanks

×