Spy groups hack into companies using zero-day flaw in Pulse Secure VPN
Known and unknown groups are using VPN vulnerabilities to circumvent authentication and establish backdoors. Credit: Dreamstime
Over the past few months, several cyber espionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organisations from the United States and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure.
Some of the flaws date from 2019 and 2020, but one was unknown until this month. Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices, researchers from Mandiant, the MDR and incident response arm of security vendor FireEye, said in a newly released report.
Government agencies breached in hacking campaign targeting Pulse Secure VPN appliances
SHARE
Multiple U.S. government agencies have been breached by suspected Chinese state-sponsored hackers who exploited vulnerabilities in Pulse Secure LLC virtual private network appliances.
Confirmed by cybersecurity company FireEye Inc. and Pulse Secure itself along with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency, the attacks are believed to have started around June.
Three of the vulnerabilities exploited in the attacks have been previously detected and patched in 2019 and 2020. The fourth vulnerability was discovered this month and affected a very limited number of customers.
minute read
Share this article:
CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.
A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.
Download “The Evolution of Ransomware” to gain valuable insights on emerging trends amidst rapidly growing attack volumes. Click above to hone your defense intelligence!
The flaw, tracked as CVE-2021-22893, allows remote code-execution (RCE) and is being used in the wild to gain administrator-level access to the appliances, according to Ivanti research. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti (its parent company) to release both mitigations an
By Justin Katz
Hours after warning that government agencies have been affected by vulnerabilities found in a piece of virtual private networking software, the Cybersecurity and Infrastructure Security Agency issued its third emergency directive in five months to civilian federal agencies.
The new directive instructs agencies to repeatedly run a tool on all devices using Pulse Connect Secure products that checks for issues associated with exploits allegedly being used by a hacking campaign with links to the Chinese government.
If the tool does not detect an issue, agencies should continue to run it daily until a patch is developed or apply a workaround mitigation. CISA also wrote that it is coordinating its response with FedRAMP, the government s program to provide a standardized security assessment for cloud products and services.
By Justin Katz
The Cybersecurity and Infrastructure Security Agency on Tuesday confirmed that a number of federal agencies were compromised by a threat actor last year through vulnerabilities found in virtual private networking software made by Pulse Connect Secure.
CISA is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor or actors beginning in June 2020 or earlier related vulnerabilities in certain Ivanti Pulse Connect Secure products, according to an April 20 advisory. Since March 31, 2021, CISA assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor, the advisory continues.