| Category | Details |
|---|---|
| Threat Actors | • China-linked APT41, which Mandiant observed exploiting CVE-2021-44207 in 2021. |
| Campaign Overview | • CVE-2021-44207 in Acclaim USAHERDS allows unauthenticated remote code execution; the vendor has patched it and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog on evidence of active exploitation. |
| Target Regions (Victims) | • U.S. state government networks (per Mandiant's 2021 reporting). The KEV listing itself applies to Federal Civilian Executive Branch (FCEB) agencies, which are not named as victims. |
| Methodology | • USAHERDS shipped with the same ASP.NET machineKey values (validationKey and decryptionKey) in every installation. Anyone who knows those keys can sign and encrypt their own __VIEWSTATE payload so that it passes MAC validation, and the server then deserializes it, leading to remote code execution. |
| Product Targeted | • Acclaim Systems USAHERDS (version 7.4.0.1 and prior). |
| Malware Reference | • No specific malware is named; the reported impact is remote code execution through ViewState deserialization. |
| Tools Used | • No specific tool is named; the exploit consists of a ViewState payload crafted and signed with the leaked machineKey values. |
| Vulnerabilities Exploited | • CVE-2021-44207: hard-coded, static ASP.NET machineKey values (validationKey, decryptionKey) in Acclaim USAHERDS. |
| TTPs | • Use of vendor-wide static keys, forged ViewState data, insecure deserialization, remote code execution. |
| Attribution | • Exploitation attributed to China-linked APT41 by Mandiant; CISA added the CVE to the KEV catalog. |
| Recommendations | • CISA directs FCEB agencies to apply the vendor-provided fix by January 13, 2025; any organization running USAHERDS 7.4.0.1 or earlier should do the same, since the weakness is the shared static key, not a single deployment's configuration. |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html
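The root cause summarized above is an ASP.NET machineKey that is identical across every installation, so the first thing a practitioner wants is a way to find such keys and a way to replace them. The script below is an added example, not code from the article or from Acclaim: it audits a web.config for a static machineKey and legacy algorithm choices, and generates fresh per-deployment keys in the format IIS uses. The two web.config samples and the key values in them are constructed placeholders (they are not the USAHERDS keys), and the weak-algorithm lists reflect ASP.NET's own options rather than anything from the article.

```python
"""
Audit an ASP.NET web.config for the weakness class behind CVE-2021-44207:
a static <machineKey> whose validationKey/decryptionKey are the same on
every install, so anyone holding the keys can sign (and encrypt) their own
__VIEWSTATE payload and have the server deserialize it.

Added example, not code from the original article or from Acclaim.
The web.config strings below are constructed for illustration; the key
values in them are placeholders, not any vendor's real keys.
"""
import secrets
import xml.etree.ElementTree as ET

# Constructed sample: static keys shipped identically to every customer.
VULNERABLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="3DES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>
"""

# Constructed sample: keys left to ASP.NET auto-generation, modern algorithms.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

LEGACY_VALIDATION = {"MD5", "SHA1"}   # ASP.NET legacy validation options
LEGACY_DECRYPTION = {"DES", "3DES"}   # ASP.NET legacy decryption options


def audit_machine_key(web_config_xml: str) -> list[str]:
    """Return a list of findings for the <machineKey> element (empty = nothing flagged)."""
    root = ET.fromstring(web_config_xml)
    findings = []
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return findings  # no element: ASP.NET auto-generates keys per app
    for attr in ("validationKey", "decryptionKey"):
        # ASP.NET's default for both attributes is "AutoGenerate,IsolateApps";
        # any literal hex value is a key that may be shared with other installs.
        if "AutoGenerate" not in mk.get(attr, "AutoGenerate"):
            findings.append(f"static {attr} present in web.config")
    if mk.get("validation", "HMACSHA256").upper() in LEGACY_VALIDATION:
        findings.append(f"legacy validation algorithm {mk.get('validation')}")
    if mk.get("decryption", "AES").upper() in LEGACY_DECRYPTION:
        findings.append(f"legacy decryption algorithm {mk.get('decryption')}")
    pages = root.find("./system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append("enableViewStateMac is disabled")
    return findings


def generate_machine_key() -> dict[str, str]:
    """Fresh per-deployment keys: 64-byte validationKey for HMACSHA256 and
    32-byte decryptionKey for AES, hex-encoded the way IIS writes them.
    Use this (rather than AutoGenerate) when several servers must share ViewState."""
    return {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def render_machine_key(keys: dict[str, str]) -> str:
    """Render the replacement <machineKey> element for pasting into web.config."""
    return ('<machineKey validationKey="{validationKey}" decryptionKey="{decryptionKey}" '
            'validation="{validation}" decryption="{decryption}" />').format(**keys)


if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_WEB_CONFIG), ("hardened", HARDENED_WEB_CONFIG)):
        print(label, audit_machine_key(cfg) or ["no findings"])
    print(render_machine_key(generate_machine_key()))
```

Rotating the keys is what closes the hole: a patched binary does nothing if the old web.config, with the old shared keys, is carried over. After rotation, existing user sessions and any ViewState cached in browsers become invalid, which is expected. The audit only reads configuration; it cannot tell you whether a static key is the vendor's shared one or a unique one you generated, so treat any literal key you did not generate yourself as suspect.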
The above summary has been generated by an AI language model