Hacker Campaign Targets Govs' VPN, Windows Vulnerabilities

Federal agencies are warning that a recent wave of intrusion attempts by hackers is targeting state and local governments. Some of the attacks appear to have led to unauthorized access to election support systems.

Hacker groups are attacking government networks by going after vulnerabilities in certain virtual private network products (VPNs) and Windows systems, according to a recent warning from federal agencies.

Advanced persistent threat groups (APTs) recently launched an attack campaign that uses a technique known as vulnerability chaining, a process by which multiple security flaws can be exploited simultaneously, according to a joint warning issued by the FBI and Cybersecurity and Infrastructure Security Agency (CISA). 

These attacks exploit several known vulnerabilities in Fortinet VPN while also leveraging a relatively new privilege escalation technique, an attack against Windows Netlogon designed to give the hacker more control once they've breached network defenses.  

This escalation technique basically allows bad actors to commandeer the servers that validate login requests and other security procedures, which, in the worst-case scenario, gives them access to all of the workstation passwords connected to a given network.

The attacks have "often, but not exclusively, been directed at federal and state, local, tribal and territorial (SLTT) government networks," CISA and the FBI warned. Similar attacks have also been seen in the private sector.

It is unknown which hacker groups are involved in the attacks, though the Iranian threat group MERCURY was recently spotted using the Netlogon exploit in its attacks.

Most alarmingly, there is evidence that hackers appear to have gained, in some cases, "unauthorized access to elections support systems," though CISA clarified that it has so far seen no evidence that election data has been compromised. 

With approximately three weeks until election day, governments should be on high alert against these sorts of weaknesses. Experts suggest any cyberincidents involving elections could easily lead to decreased voter confidence in election integrity, which, as recent polls have shown, is already in a weakened state.

"Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," the alert states.

CISA suggests that organizations shrink their attack surface through a number of methods, a full list of which is available on the agency's website.

Lucas Ropek is a former staff writer for Government Technology.