FBI/DHS: Government election systems face threat from active Zerologon exploits
Zerologon gives attackers instant access to all-powerful domain controllers. …
The FBI and the cybersecurity arm of the Department of Homeland Security said they have detected hackers exploiting a critical Windows vulnerability against state and local governments and that, in some cases, the attacks are being used to breach networks used to support elections.
Members of unspecified APTs—the abbreviation for advanced persistent threats—are exploiting a Windows vulnerability dubbed Zerologon. It gives attackers who already have a toehold on a vulnerable network access to the all-powerful domain controllers that administrators use to allocate new accounts and manage existing ones.
To gain initial access, the attackers are exploiting separate vulnerabilities in firewalls, VPNs, and other products from companies including Juniper, Pulse Secure, Citrix (formerly NetScaler), and Palo Alto Networks. All of the vulnerabilities—Zerologon included—have received patches, but as evidenced by Friday’s warning from the DHS and FBI, not everyone has installed them. The inaction is putting governments and election systems at all levels at risk.
Officials wrote:
This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.
CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised. There are steps that election officials, their supporting SLTT IT staff, and vendors can take to help defend against this malicious cyber activity.
Zerologon works by sending