
CISA Implements Ransomware Warning Program for Critical Infrastructure
A US federal agency's Microsoft IIS web server was hacked through exploitation of a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component. At least two threat actors accessed the unpatched server by exploiting this bug to gain remote code execution. The attackers had access to the server between November 2022 and early January 2023. The malware installed on the compromised IIS server could deploy additional payloads, evade detection by deleting its traces on the system, and open reverse shells to maintain persistence. The Telerik UI vulnerability, CVE-2019-18935, was also included in the NSA's top 25 security bugs abused by Chinese hackers and the FBI's list of top targeted vulnerabilities.