Security News > 2020 > February > Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
Exploiting VPN Flaws to Compromise Enterprise Networks The primary attack vector employed by the Iranian groups has been the exploitation of unpatched VPN vulnerabilities to penetrate and steal information from target companies.
Once the attackers gained lateral movement capabilities, the attackers move to the final stage: execute the backdoor to scan the compromised system for relevant information and exfiltrate the files back to the attacker by establishing a remote desktop connection or opening a socket-based connection to a hardcoded IP address.
The Work of Multiple Iranian Hacking Groups Based on the campaign's use of web shells and overlaps with the attack infrastructure, the ClearSky report highlighted that the attacks against VPN servers are possibly linked to three Iranian groups - APT33, APT34 and APT39.
Just last month, Iranian state-backed hackers - dubbed "Magnallium" - were discovered carrying out password-spraying attacks targeting US electric utilities as well as oil and gas firms.
Given that the attackers are weaponizing VPN flaws within 24 hours, it's imperative that organizations install security patches as and when they are available.
News URL
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- Winnti hackers target other threat actors with new Glutton PHP backdoor (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)