Iranian Hackers Exploited Enterprise VPN Flaws in Major Campaign (Security News, February 2020)
Infamous Iranian hacking groups APT33 and APT34 appear to have been working together for the past three years to compromise dozens of organizations worldwide, and their attacks involved some of the enterprise VPN vulnerabilities disclosed last year, ClearSky reports.
Since 2017, the two groups likely collaborated as part of an offensive campaign targeted at numerous companies and organizations from the IT, telecommunications, oil and gas, aviation, government, and security sectors around the world, ClearSky says in a new report.
Numerous open-source and self-developed offensive tools were used as part of the operation, along with known security flaws in enterprise VPN services from Pulse Secure, Fortinet and Palo Alto Networks.
ClearSky's security researchers reveal that, throughout the observed attacks, the hackers did not employ a specific pattern to escalate privileges, steal credentials, move laterally, and ensure persistence.
The hackers also employed three public tools for reverse proxy and SSH forwarding purposes, namely Ngrok, Servo, and FRP. "The Fox Kitten campaign is a continuous campaign operated, with high probability, by state-sponsored Iranian APT groups whose purpose is espionage against numerous companies mainly in the sectors of IT, defense, electricity, oil and gas and aviation companies," ClearSky notes.