Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.
The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America's Multi-State Information Sharing and Analysis Center (MS-ISAC) this week.
The Feds became aware of the intrusion after spotting warning signs at a federal civilian executive branch agency, the advisory said. It did not name the federal agency.
"Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (
CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency's Microsoft Internet Information Services (IIS) web server," the joint advisory
said.