Security News > 2020 > April > Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said.
According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies.
"The entire attack process is very complicated and concealed."
Qihoo 360 researchers have attributed the attack to DarkHotel, an APT associated with carrying out prior cyberespionage efforts in China, North Korea, Japan and the United States.
Earlier in 2020, DarkHotel was seen using Office documents for targeted attacks using a zero-day in Internet Explorer, and was fingered as the culprit behind a March attack on the World Health Organization.
News URL
https://threatpost.com/government-vpn-servers-zero-day-attack/154472/
Related news
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)