A joint advisory from the FBI, CISA, and MS-ISAC warns that attackers are again abusing a Telerik vulnerability. According to reports, advanced persistent threat (APT) groups and financially motivated hackers have exploited this long-standing Telerik flaw.
Researchers say the exploited flaw is a three-year-old .NET deserialisation weakness in Progress Telerik UI for ASP.NET AJAX. The flaw is tracked as CVE-2019-18935.
The agencies explained that multiple threat actors, including APT groups, exploit the flaw to carry out their malicious campaigns. In addition, the flaw enabled them to achieve remote code execution on a Microsoft IIS web server used by a Federal Civilian Executive Branch entity.
CISA has yet to release the name of the threat group that uses the vulnerability the most. However, numerous researchers believe that a Vietnam-based threat actor called XE Group is the one that has been exploiting the flaw.
The first confirmed cybercriminal activity from the group occurred in August last year, after the group deployed DLL files that harvested system data and launched additional components on the compromised device.
The Telerik vulnerability was in the top 25 most exploited vulnerabilities.
A cybersecurity tally included the Telerik vulnerability in its top 25 vulnerabilities abused by Chinese-backed hacking groups in cybercriminal campaigns in 2020 and 2021. Additionally, the NetWalker ransomware group has been the primary group to use the flaw.
The Chinese threat group Praying Mantis also weaponised this flaw and another bug to infect private and public organisations in the United States. Last year, cybersecurity companies in numerous countries included the Telerik bug in their lists of commonly abused security flaws.
The ongoing exploitation of old vulnerabilities, like the three-year-old Telerik vulnerability, still troubles cybersecurity researchers. APT groups and financially motivated attackers have exploited this bug to breach and infect government and private-sector organisations for years.
Therefore, cybersecurity experts should be more vigilant and take action to prevent attacks that abuse this flaw. Organisations should also adopt a multi-layered security approach to thwart the threats posed by these attackers.