A nation-state hacking group and a criminal gang best known for card skimming had access to a federal civilian agency from August to January 2023, according to a Wednesday joint alert released by the Cybersecurity and Infrastructure Security Agency, the FBI and the Multi-State Information Sharing and Analysis Center.
According to the alert, both the unnamed nation-backed hacking group and the criminal group dubbed XE Group exploited known vulnerabilities in Progress Telerik software located in the unnamed government agency’s Microsoft Internet Information Services (IIS) web server.
While the nation-backed hacking group was not named, the criminal XE Group had been attempting to infiltrate the agency since August 2021 using malicious DLL files masquerading as PNGs, according to the advisory. Cybersecurity firm Volexity said in a report from December 2021 that the “bread and butter” of XE Group is credit card skimming and noted that the gang is likely Vietnamese.
The vulnerability is well known, and while the bug did not make the list of the top 15 vulnerabilities exploited in 2021, it did get an honorable mention as a “routinely exploited” vulnerability. The bug was on the list of known-exploited vulnerabilities that CISA mandated federal agencies patch. Officials said the nation-state group has been exploiting the bug, which allows for remote code execution, since as early as August 2022.
CISA declined to comment further.
The post CISA: Federal civilian agency hacked by nation-state and criminal hacking groups appeared first on CyberScoop.