Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide (Security News, February 2020)
Exploiting VPN Flaws to Compromise Enterprise Networks

The primary attack vector employed by the Iranian groups has been the exploitation of unpatched VPN vulnerabilities to gain an initial foothold in target companies and steal information from them.
Once the attackers have gained the ability to move laterally, they proceed to the final stage: the backdoor is executed to scan the compromised system for information of interest and to exfiltrate the files to the attackers, either over a remote desktop connection or through a socket-based connection to a hardcoded IP address.
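The exfiltration stage described above has two observable network traits: an outbound remote desktop session to an address outside the organization, and repeated uploads from one process to a single fixed external address and port. The detector below is an added example written for this page, not code from the article or from ClearSky's report. It parses constructed connection-log lines (the format, host names, process names and addresses are all assumptions made for the example), treats anything outside the RFC 1918 and loopback ranges as external, and raises an alert for outbound RDP to an external host and for a process that repeatedly pushes a large volume of bytes to one hardcoded external destination.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, one connection per line:
#   timestamp host process dest_ip dest_port bytes_out
# The hosts, processes and addresses are invented for this example.
SAMPLE_LOG = """\
2020-02-16T02:11:04Z fs01 svchost.exe 10.20.30.40 445 2048
2020-02-16T02:12:10Z fs01 updater.exe 203.0.113.25 8443 5120000
2020-02-16T02:12:45Z fs01 updater.exe 203.0.113.25 8443 7340032
2020-02-16T02:13:02Z fs01 updater.exe 203.0.113.25 8443 6291456
2020-02-16T02:20:19Z fs01 mstsc.exe 203.0.113.25 3389 90000
2020-02-16T02:25:00Z web02 w3wp.exe 10.20.30.41 1433 4096
2020-02-16T03:00:00Z web02 chrome.exe 198.51.100.7 443 120000
"""

# Address space the example treats as "inside the organization".
# A real deployment would substitute its own allocated ranges.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

RDP_PORT = 3389


def parse(log_text):
    """Turn the whitespace-separated log lines into event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, ip, port, nbytes = line.split()
        events.append({
            "ts": ts, "host": host, "proc": proc,
            "ip": ip, "port": int(port), "bytes": int(nbytes),
        })
    return events


def is_external(ip):
    """True when the destination lies outside the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect(events, byte_threshold=1_000_000, min_repeats=3):
    """Return alerts for the two exfiltration patterns described in the article.

    byte_threshold and min_repeats are tuning knobs chosen for the example,
    not values taken from the report.
    """
    alerts = []
    per_dest = defaultdict(list)
    for e in events:
        if not is_external(e["ip"]):
            continue
        # Outbound RDP from an internal host to an external address.
        if e["port"] == RDP_PORT:
            alerts.append(("outbound_rdp", e["host"], e["proc"], e["ip"]))
        # Group every external connection by (host, process, destination).
        per_dest[(e["host"], e["proc"], e["ip"], e["port"])].append(e["bytes"])
    # Repeated bulk uploads from one process to one fixed external socket
    # match the "hardcoded IP address" behaviour of the backdoor.
    for (host, proc, ip, port), sizes in per_dest.items():
        if len(sizes) >= min_repeats and sum(sizes) >= byte_threshold:
            alerts.append(("bulk_upload_fixed_dest", host, proc, ip, port, sum(sizes)))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

On the constructed sample the detector flags the mstsc.exe session to 203.0.113.25 on port 3389 and the three updater.exe uploads to 203.0.113.25:8443 (about 18 MB in total); the single chrome.exe connection to 198.51.100.7 stays below the repeat count and is not reported. In practice the thresholds need tuning against a baseline of the host's normal egress, and a server that never legitimately initiates RDP or large uploads to the internet can have both thresholds set much lower.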
The Work of Multiple Iranian Hacking Groups

Based on the campaign's use of web shells and overlaps in attack infrastructure, the ClearSky report assesses that the attacks against VPN servers are possibly linked to three Iranian groups: APT33, APT34 and APT39.
Just last month, Iranian state-backed hackers tracked as "Magnallium" were found carrying out password-spraying attacks against US electric utilities as well as oil and gas firms.
Given that the attackers have weaponized VPN flaws within 24 hours, it is imperative that organizations install security patches as soon as they become available.