Considering the “resurgence of attack campaigns in recent days on national sites claimed by Russian actors and the possible shift to more complex attack campaigns”, the CSIRT (the response team of the National Cybersecurity Agency) identified 71 vulnerabilities that “should be resolved urgently and as a matter of priority within a risk management process by the most exposed operators (including critical infrastructure managers)”.
These vulnerabilities, the CSIRT highlights, “are the most used in the context of attack campaigns publicly attributed to malevolent actors linked to the Russian Federation in 18 different public references”. The alert provides an analysis and lists the tactics, techniques and procedures used, among other things, to obtain initial access and move laterally within the victim infrastructure, as well as the related mitigation actions, “whose implementation becomes even more necessary in the light of the international situation in progress”. Most of the vulnerabilities “are exploited by malicious actors to gain initial access to target systems and are mainly related to infrastructure, remote access or networking services.”
The Agency also specifies that “attributing a cyber attack to a particular actor is a long and complex process, not only of a technical nature, sometimes made even more difficult by the use of ‘false flag operations’”. Today’s analysis, therefore, “is based on the attributions of attacks carried out by organizations and third countries and made public by them and aims, consistently with the activities of the Agency and solely with a view to increasing resilience, to preserve national digital infrastructures from possible attacks using known security vulnerabilities”.