It has been reported that hackers have gained access to US government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert recently published. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been detected, the two agencies said. “CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised,” the security alert reads.
Full story here: https://www.zdnet.com/
This is typical behavior when new vulnerabilities and public exploits surface, and it underlines the importance of proper asset and vulnerability management and of patch management. You can safely assume that whenever a new vulnerability becomes publicly known, a race starts to see who can find a stable exploit and potentially chain it into further attacks. This goes for the information security community as well as for adversarial hackers. The main difference is their motivation: either to disclose something and help expedite a fix, or to weaponize it and exploit as many victims as possible in the shortest amount of time. Once adversaries gain an initial foothold, they try to elevate their privileges as quickly as possible. By chaining vulnerabilities such as the VPN vulnerabilities (gaining access) and the Zerologon vulnerability (elevating privileges), adversaries can move through the entire attack lifecycle in an efficient, automated fashion.
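The chaining point above is also what a defender's vulnerability management should key on: an unpatched internet-facing VPN appliance matters far more when a domain controller behind it is still exposed to Zerologon. The following is an added illustration, not code from the alert or the article, of how an asset inventory can be scored by attack-chain exposure rather than by individual CVE severity. The inventory is constructed, "VPN-ACCESS-VULN" is a placeholder for whichever VPN appliance CVE applies in a given environment, and the stage labels are assumptions of this example; Zerologon is CVE-2020-1472.

```python
"""Prioritise patching by attack-chain exposure (added example).

Given a constructed asset inventory and the vulnerability "stage" each
host is still unpatched for, find combinations where an internet-facing
host with an unpatched initial-access bug sits in the same domain as a
host with an unpatched privilege-escalation bug, and rank those first.
"""
from dataclasses import dataclass, field

# Stage labels are an assumption of this example, not an official taxonomy.
INITIAL_ACCESS = "initial-access"
PRIV_ESC = "privilege-escalation"


@dataclass
class Asset:
    hostname: str
    domain: str
    role: str
    internet_exposed: bool
    unpatched: dict = field(default_factory=dict)  # vulnerability id -> stage


# Constructed sample inventory. "VPN-ACCESS-VULN" is a placeholder identifier;
# CVE-2020-1472 is Zerologon, the Netlogon privilege-escalation bug.
INVENTORY = [
    Asset("vpn-gw-01", "corp.example", "vpn-gateway", True,
          {"VPN-ACCESS-VULN": INITIAL_ACCESS}),
    Asset("dc-01", "corp.example", "domain-controller", False,
          {"CVE-2020-1472": PRIV_ESC}),
    Asset("dc-02", "corp.example", "domain-controller", False, {}),
    Asset("vpn-gw-02", "lab.example", "vpn-gateway", True,
          {"VPN-ACCESS-VULN": INITIAL_ACCESS}),
    Asset("file-01", "lab.example", "file-server", False, {}),
]


def find_chains(inventory):
    """Return (entry_host, entry_vuln, target_host, target_vuln) tuples.

    A chain exists when an internet-exposed host carries an unpatched
    initial-access vulnerability and another host in the same domain
    carries an unpatched privilege-escalation vulnerability.
    """
    chains = []
    for entry in inventory:
        if not entry.internet_exposed:
            continue
        for e_vuln, e_stage in entry.unpatched.items():
            if e_stage != INITIAL_ACCESS:
                continue
            for target in inventory:
                if target is entry or target.domain != entry.domain:
                    continue
                for t_vuln, t_stage in target.unpatched.items():
                    if t_stage == PRIV_ESC:
                        chains.append((entry.hostname, e_vuln,
                                       target.hostname, t_vuln))
    return chains


def patch_priority(inventory):
    """Map hostname -> 'critical' | 'high' | 'medium' | 'none'.

    Hosts that participate in a chain are critical regardless of which
    end of the chain they sit on; the remaining ranking is by exposure.
    """
    in_chain = set()
    for entry, _, target, _ in find_chains(inventory):
        in_chain.update((entry, target))
    priority = {}
    for asset in inventory:
        if asset.hostname in in_chain:
            priority[asset.hostname] = "critical"
        elif asset.unpatched and asset.internet_exposed:
            priority[asset.hostname] = "high"
        elif asset.unpatched:
            priority[asset.hostname] = "medium"
        else:
            priority[asset.hostname] = "none"
    return priority


if __name__ == "__main__":
    for chain in find_chains(INVENTORY):
        print("chain:", " -> ".join(chain))
    for host, level in patch_priority(INVENTORY).items():
        print(f"{host:12s} {level}")
```

In the sample data the corporate VPN gateway and dc-01 form a complete chain and both come out as critical, while the lab gateway, which has the same VPN bug but no vulnerable domain controller behind it, is only high. The same scoring can be extended with more stages (lateral movement, persistence) without changing the structure.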