An unidentified federal civilian executive branch (FCEB) agency’s Microsoft Internet Information Services (IIS) web server was compromised by a number of threat actors, including an advanced persistent threat (APT). The advisory, which includes in-depth technical information and indicators of the breach, was created by CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
Apparently, a critical .NET deserialization flaw in the Progress Telerik UI for ASP.NET AJAX component allowed hackers to compromise a Microsoft Internet Information Services (IIS) web server used by a U.S. government agency last year.
According to the advisory, indicators of compromise (IOCs) found on the unidentified FCEB agency’s network show that the threat actors acquired access to the servers between November 2022 and early January 2023. To achieve remote code execution, at least two threat actors (among them the Vietnamese XE Group) accessed the unpatched server.
According to CISA, the central vulnerability was linked with the Telerik UI flaw on the IIS server (CVE-2017-11357 and CVE-2017-11317). However, the forensic investigation was unable to conclusively verify which of the two was utilized, or even w
[…]