Vulnerability Exploited

According to CISA, the attackers are exploiting a recently discovered vulnerability in Chrome (CVE-2022-3059). This vulnerability allows attackers to execute arbitrary code on target computers, giving them full control over the device.

Agencies Urged to Patch

CISA has strongly urged all federal agencies to apply the latest Chrome security updates as soon as possible. The update, version 107.0.5304.63, addresses the vulnerability and prevents exploitation.

Expert Concerns

“This is a serious vulnerability that could have significant consequences,” said Sam Curry, Chief Security Officer at Cybereason. “Organizations should prioritize patching their systems and implementing additional security measures to minimize their exposure to this threat.”

Threat Actors

CISA has not yet identified the specific threat actors responsible for the campaign but is actively investigating the incident. The agency believes that the hackers are likely part of a sophisticated group.

Mitigation Measures

In addition to applying the Chrome update, CISA recommends that agencies implement the following mitigation measures:

• Enable enhanced phishing and malware protection in Chrome
• Use a multi-factor authentication (MFA) solution
• Monitor network traffic for suspicious activity

Outlook

The ongoing investigation into this incident is expected to yield more information about the threat actors’ motivations and tactics. CISA will continue to provide updates and guidance as the situation evolves.

Organizations should remain vigilant and take all necessary precautions to protect their systems from this and similar vulnerabilities.