CISA says US government agency was hacked thanks to ‘end of life’ software

U.S. cybersecurity agency CISA has warned that unknown hackers broke into the servers of a federal government agency by taking advantage of a previously known vulnerability in software that no longer receives updates — meaning the agency couldn’t have patched it even if it wanted to.

On Tuesday, CISA released an advisory detailing two separate cyberattacks on an unnamed federal government agency. The hackers attacked the agency in June and July by targeting public-facing servers that were running outdated or end-of-life Adobe ColdFusion software, used for building web applications.

End-of-life software is software whose developer has publicly announced that it will no longer be supported or receive further software or security updates. Running end-of-life software is by definition risky because it cannot be patched, exposing the organization that runs the software to cyberattacks.

Contact Us

Do you have more information about these attacks? Or other attacks targeting government agencies? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.

CISA said there is no evidence the attackers planted malware or did anything more than look around in the hacked agency’s network.

“Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map the broader network,” CISA said, but the agency conceded that it could not confirm if data was exfiltrated from the agency’s network.

CISA did not respond to a request for comment when TechCrunch asked for more information on who the agency believes are the hackers responsible for targeting the agency. In the advisory, CISA said it didn’t know if the two cyberattacks were performed by the same hackers.

In both cyberattacks, Microsoft Defender for Endpoint, Windows’ native antivirus software, alerted the agency to the potential exploitation of the Adobe ColdFusion vulnerability and “quarantined” the hackers’ activities.

In March, CISA ordered all federal agencies to patch one of the known vulnerabilities in Adobe ColdFusion that were exploited in these attacks, CVE-2023-26360.

