Telerik Vulnerability Abused by Threat Actors - Warns CISA
The exploitation of old vulnerabilities continues to be a major concern in the world of cybersecurity. Financially motivated hackers and APT threat actors have been taking advantage of a three-year-old Telerik vulnerability, as revealed in a joint advisory from CISA, the FBI, and MS-ISAC.

Diving into details

The bug in question is a three-year-old .NET deserialization issue, tracked as CVE-2019-18935, present in the Progress Telerik UI for ASP.NET AJAX. 
  • According to the advisory, multiple threat actors, including an APT group, exploited this vulnerability. 
  • It allowed them to successfully execute remote code on a Microsoft IIS web server used by a Federal Civilian Executive Branch (FCEB) agency.
  • While CISA did not name the attacker, it stated that a Vietnam-based threat group, named XE Group, had abused the same machine. 
  • The first activity by this gang was spotted in August 2021 when the attackers deployed DLL files that gathered system data and dropped further components on the compromised machine. 

About the bug

  • The NSA included this vulnerability in its list of the top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild in both 2020 and 2021.
  • This flaw was, furthermore, exploited by the NetWalker ransomware gang in its operations in 2020.
  • In June 2021, Praying Mantis weaponized this flaw along with another bug (CVE-2017-11317) to compromise private and public organization networks in the U.S. 
  • In April 2022, cybersecurity companies in the U.S., the U.K., New Zealand, Australia, and Canada included the Telerik vulnerability in their lists of commonly abused security bugs.

The bottom line

The exploitation of old vulnerabilities such as the three-year-old Telerik vulnerability continues to pose a significant threat to cybersecurity. Financially motivated hackers and APT groups have repeatedly exploited this flaw to infiltrate and compromise government and private organizations' networks, causing significant damage. Cybersecurity professionals must remain vigilant, staying informed of emerging threats and vulnerabilities to proactively address them before they are exploited.
Cyware Publisher