Security News > 2020 > February > Iranian Hackers Exploited Enterprise VPN Flaws in Major Campaign
Infamous Iranian hacking groups APT33 and APT34 appear to have been working together for the past three years to compromise dozens of organizations worldwide, and their attacks involved some of the enterprise VPN vulnerabilities disclosed last year, ClearSky reports.
Since 2017, the two groups likely collaborated as part of an offensive campaign targeted at numerous companies and organizations from the IT, telecommunications, oil and gas, aviation, government, and security sectors around the world, ClearSky says in a new report.
Numerous open-source and self-developed offensive tools were used as part of the operation, along with known security flaws in enterprise VPN services from Pulse Secure, Fortinet and Palo Alto Networks.
ClearSky's security researchers reveal that, throughout the observed attacks, the hackers did not employ a specific pattern to escalate privileges, steal credentials, move laterally, and ensure persistence.
The hackers also employed three public tools for reverse proxy and SSH forwarding purposes, namely Ngrok, Servo, and FRP. "The Fox Kitten campaign is a continuous campaign operated, with high probability, by state-sponsored Iranian APT groups whose purpose is espionage against numerous companies mainly in the sectors of IT, defense, electricity, oil and gas and aviation companies," ClearSky notes.
News URL
Related news
- US warns of Iranian hackers escalating influence operations (source)
- Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp (source)
- Pioneer Kitten: Iranian hackers partnering with ransomware affiliates (source)
- Iranian hackers work with ransomware gangs to extort breached orgs (source)
- Iranian Hackers Set Up New Network to Target U.S. Political Campaigns (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)