Security News > 2020 > April > Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said.
According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies.
"The entire attack process is very complicated and concealed."
Qihoo 360 researchers have attributed the attack to DarkHotel, an APT associated with carrying out prior cyberespionage efforts in China, North Korea, Japan and the United States.
Earlier in 2020, DarkHotel was seen using Office documents for targeted attacks using a zero-day in Internet Explorer, and was fingered as the culprit behind a March attack on the World Health Organization.
News URL
https://threatpost.com/government-vpn-servers-zero-day-attack/154472/
Related news
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)
- Apple Patches Two Zero-Day Attack Vectors (source)