Suspected Chinese hackers exploited Pulse Secure VPN to compromise ‘dozens’ of agencies and businesses in US and Europe

The alarming report highlights how hackers have repeatedly taken advantage of several known flaws and a recently discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of defense industry organizations around the world.

Tuesday’s revelations represent the latest cybersecurity crisis to hit the United States, following the Russian foreign intelligence service’s SolarWinds intrusion campaign and a series of server software exploits that Microsoft has attributed to Chinese state-sponsored hackers.
The U.S. Department of Homeland Security confirmed the intrusions in its own public notice on Tuesday, urging network administrators to run a special tool designed to look for signs of compromise and install an emergency workaround released by Ivanti, the owner of Pulse Secure.

The attackers who exploited Pulse Secure are extremely sophisticated and have used their access to steal account credentials and other sensitive data belonging to victimized organizations, said Charles Carmakal, senior vice president of FireEye.

“These players are highly skilled and have in-depth technical knowledge of the Pulse Secure product,” Carmakal said.

Some of the intrusions using the vulnerabilities began as early as August of last year, according to the FireEye report. The group carrying out the attacks may work for the Chinese government, according to the report, and Carmakal added that “there are similarities between parts of this activity and a Chinese player we call APT5.”

Other actors exploited the vulnerabilities as well, although FireEye said it was not clear if they could be tied to a particular government.

In a blog post, Pulse Secure said the newly discovered vulnerability affects a “very limited number of customers” and that a more permanent software update to address this vulnerability will be released in early May. Software fixes already exist for the other vulnerabilities.

“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have seen evidence of operational behavior on their PCS appliances,” said Pulse Secure. “The PCS team provided remediation advice directly to these customers.”

The company added, “Customers are also encouraged to apply and take advantage of the efficient and easy-to-use Pulse Secure integrity checker tool to identify any unusual activity on their system.”

DHS’s Cybersecurity and Infrastructure Security Agency said that since March 31, it has assisted “several entities” whose vulnerable products have been exploited by a cyber threat actor.

“CISA has worked closely with Ivanti, Inc. to better understand the vulnerability of Pulse Secure VPN devices and mitigate potential risks to federal civil and private networks,” Nicky Vogt, a spokesperson for the agency, said Tuesday. “We will continue to provide advice and recommendations to support potentially affected organizations.”
