Email this Article Email   

CHIPS Articles: NSA Cybersecurity Alert: Russian State-Sponsored Malicious Cyber Actors Exploit Known Vulnerability in Virtual Workspaces

NSA Cybersecurity Alert: Russian State-Sponsored Malicious Cyber Actors Exploit Known Vulnerability in Virtual Workspaces
By NSA Cybersecurity Alert - December 9, 2020
Ft. MEADE, Md., Dec. 7, 2020 — The National Security Agency (NSA) released a Cybersecurity Advisory [Dec. 7] detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware® products to access protected data on affected systems. This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks.

The products affected by this vulnerability are the VMware® Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector, with specific product versions also identified in the VMware® advisory. The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data.

NSA strongly recommends that NSS, DoD, and DIB system administrators apply the vendor-issued patch as soon as possible. If a compromise is suspected, check server logs and authentication server configurations as well as applying the product update. In the event that an immediate patch is not possible, system administrators should apply mitigations detailed in the advisory to help reduce risk of exploitation/compromise/attack.

For a quick summary on how you can take action, take a look at our infographic.

For full details, please read the full advisory.

Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace Infographic
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer