Government VPN Servers Targeted in Zero-Day Attack (Security News, April 2020)
As the Chinese government turns to virtual private networks to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said.
According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies.
"The entire attack process is very complicated and concealed."
Qihoo 360 researchers have attributed the attack to DarkHotel, an APT associated with carrying out prior cyberespionage efforts in China, North Korea, Japan and the United States.
Earlier in 2020, DarkHotel was seen using Office documents in targeted attacks that relied on a zero-day in Internet Explorer, and was fingered as the culprit behind a March attack on the World Health Organization.
News URL
https://threatpost.com/government-vpn-servers-zero-day-attack/154472/