Warning comes as Russian state-sponsored threat group Gamaredon launches attacks on targets in Ukraine
Zyxel has assigned the vulnerability a score of 9.8 out of 10 to the bug which allows hackers to bypass authentication to gain administrative access
The federal agencies are urging organisations to immediately apply recommended mitigations to secure their machines
Allows attackers to distribute second-stage payloads to infected devices
Attackers have been able to steal communications infrastructure plans, weapons deployment schedules, and other sensitive data in a campaign lasting at least two years
No actor, system, or service operating within or outside the security perimeter can be trusted, according to the new paradigm
SFA is particularly dangerous for entities that support critical infrastructure or national critical functions
Bug details 'may be kept restricted until a majority of users are updated with a fix'
On-prem service restoration could follow within 24 hours
Joint UK/US report says GRU-linked attacks are mainly directed at organisations that use Microsoft 365