CISA Issues Crucial Alert for Federal Agencies to Address Zero-Day Vulnerabilities Following Major Hacking Campaign
Beijing [China]: The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has promulgated an urgent directive, mandating that federal agencies identify and rectify systemic vulnerabilities.
This action follows the revelation of a significant hacking campaign exploiting zero-day vulnerabilities, as detailed by The Epoch Times.
CISA has characterized the operation as a “serious threat” to governmental networks, particularly because these flaws persist even after reboots and system upgrades.
Zero-day vulnerabilities are defined as previously undiscovered gaps within software, firmware, or hardware that cybercriminals can exploit immediately, prior to developers initiating a security patch.
Cisco, a prominent entity in this investigation, has linked the campaign to the advanced threat actor known as ArcaneDoor. The company disclosed that multiple federal agencies had sought its assistance since May to investigate attacks on Cisco ASA devices.
Cisco expressed “high confidence” in its findings and strongly urged its customers to update to fixed software versions to thwart the attackers’ methods.
Moreover, there are indications suggesting possible Chinese involvement. Cybersecurity firm Censys reported in May that a significant portion of ArcaneDoor’s infrastructure was traced back to Chinese networks.

Specifically, four out of five IP addresses associated with this group were hosted in China, with some connected to major entities like Tencent and telecom provider ChinaNet.
Censys posited that the extensive and resourceful nature of such networks would be advantageous for a global cyber operation, thereby raising concerns regarding potential state support, as underscored by The Epoch Times.
This directive coincides with remarks from CISA’s acting deputy executive assistant director for cyber, Chris Butera, during a FedScoop panel discussion on the escalating challenge of patching vulnerabilities.
Butera explained that over 40,000 vulnerabilities were disclosed last year, making it nearly impossible for organizations to keep up. He highlighted the pivotal role of automation and artificial intelligence in mitigating these threats.
Furthermore, Butera noted that federal agencies have achieved substantial progress, patching more than 99 percent of the internet-facing vulnerabilities cataloged in CISA’s Known Exploited Vulnerabilities database, as reported by The Epoch Times.
Source link: Newsable.asianetnews.com.