Government VPN Servers Targeted in Zero-Day Attack (April 2020)

As the Chinese government turns to virtual private networks to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said.
According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies.
"The entire attack process is very complicated and concealed."
Qihoo 360 researchers have attributed the attack to DarkHotel, an APT associated with carrying out prior cyberespionage efforts in China, North Korea, Japan and the United States.
Earlier in 2020, DarkHotel was seen using Office documents for targeted attacks using a zero-day in Internet Explorer, and was fingered as the culprit behind a March attack on the World Health Organization.
News URL
https://threatpost.com/government-vpn-servers-zero-day-attack/154472/