Cybersecurity

NSA warns on Russian hackers stealing data through VMware flaw

update (Alexander Supertramp/Shutterstock.com) 

The National Security Agency today announced vulnerabilities in software widely used across the federal government are being exploited by Russia-sponsored threat actors to access protected data.

The exploit could potentially affect multiple VMware Access and VMware Identity Manager products.

The attack requires a hacker to have credentials to obtain access to the management interface, according to the Dec. 7 NSA statement. Once inside, hackers can leverage the flaw to forge additional credentials to obtain protected data.

NSA's advisory stresses the importance of patching by National Security System, Department of Defense and defense industrial base system administrators.

NSA recommends administrators immediately apply the vendor-issued patch and to check server logs in the event a compromise is suspected by network operators. The advisory notes that the exploit won't show up on network security indicators because adversarial activity occurs "exclusively inside an encrypted transport layer security tunnel" that interacts with the VMware web interface.

About the Author

Justin Katz is a former staff writer at FCW.


Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2021 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

Stay Connected