Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s Cyber Security Centre (NCSC-NZ), Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), on Infamous Chisel a new mobile malware targeting Android devices with capabilities to enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information. Infamous Chisel mobile malware has been used in a malware campaign targeting Android devices in use by the Ukrainian military.

Infamous Chisel is a collection of components targeting Android devices and is attributed to Sandworm, the Russian Main Intelligence Directorate’s (GRU’s) Main Centre for Special Technologies, GTsST. The malware’s capability includes network monitoring, traffic collection, network backdoor access via The Onion Router (Tor) and Secure Shell (SSH), network scanning and Secure Copy Protocol (SCP) file transfer. 

The authoring organizations urge users, network defenders, and stakeholders to review the malware analysis report for indicators of compromise (IOCs) and detection rules and signatures to determine system compromise. For more information about malware, see CISA’s Malware, Phishing, and Ransomware page. The joint MAR can also be read in full on the NCSC-UK website. Associated files relating to this report can also be accessed via the NCSC’s Malware Analysis Reports page. For more information on Russian state-sponsored cyber activity, please see CISA’s Russia Cyber Threat Overview and Advisories webpage.

VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities for Firefox 117, Firefox ESR 115.2, and Firefox ESR 102.5. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Firefox 117
• Firefox ESR 115.2
• Firefox ESR 102.5

CISA released one Industrial Control Systems (ICS) advisory on August 29, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. 

• ICSA-23-241-01 PTC CodeBeamer

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability
• CVE-2023-32315 Ignite Realtime Openfire Path Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.