Security News > 2020 > April > Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said.
According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies.
"The entire attack process is very complicated and concealed."
Qihoo 360 researchers have attributed the attack to DarkHotel, an APT associated with carrying out prior cyberespionage efforts in China, North Korea, Japan and the United States.
Earlier in 2020, DarkHotel was seen using Office documents for targeted attacks using a zero-day in Internet Explorer, and was fingered as the culprit behind a March attack on the World Health Organization.
News URL
https://threatpost.com/government-vpn-servers-zero-day-attack/154472/
Related news
- Rackspace internal monitoring web servers hit by zero-day (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)