The alarming report highlights how hackers have repeatedly taken advantage of several known flaws and a recently discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of defense industry organizations around the world.
The attackers who exploited Pulse Secure are extremely sophisticated and have used their access to steal account credentials and other sensitive data belonging to victimized organizations, said Charles Carmakal, senior vice president of FireEye.
“These players are highly skilled and have in-depth technical knowledge of the Pulse Secure product,” Carmakal said.
Some of the intrusions using the vulnerabilities began as early as August of last year, according to the FireEye report. The group carrying out the attacks may work for the Chinese government, according to the report, and Carmakal added that “there are similarities between parts of this activity and a Chinese player we call APT5.”
Other actors exploited the vulnerabilities as well, although FireEye said it was not clear if they could be tied to a particular government.
“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have seen evidence of operational behavior on their PCS appliances,” said Pulse Secure. “The PCS team provided remediation advice directly to these customers.”
The company added, “Customers are also encouraged to apply and take advantage of the efficient and easy-to-use Pulse Secure integrity checker tool to identify any unusual activity on their system.”
DHS’s Cybersecurity and Infrastructure Security Agency said that since March 31, it has assisted “several entities” whose vulnerable products have been exploited by a cyber threat actor.
“CISA has worked closely with Ivanti, Inc. to better understand the vulnerability of Pulse Secure VPN devices and mitigate potential risks to federal civil and private networks,” Nicky Vogt, a spokesperson for the agency, said Tuesday. “We will continue to provide advice and recommendations to support potentially affected organizations.”