Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks Published April 15, 2021 FORT MEADE, Md. -- Five Vulnerabilities SVR is Exploiting Right Now & How to Stop Them Infographic Photo Details / Download Hi-Res Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. Government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them. Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA. This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials.” NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. NSA, CISA, and FBI also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace. NSA encourages its customers to mitigate against the following publicly known vulnerabilities: CVE-2018-13379 Fortinet FortiGate VPN CVE-2019-9670 Synacor Zimbra Collaboration Suite CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN CVE-2019-19781 Citrix Application Delivery Controller and Gateway CVE-2020-4006 VMware Workspace ONE Access For more information, review the advisory or visit NSA.gov/cybersecurity-guidance. View the infographic on understanding the threat and how to take action.