Where China leads, Iran follows: US warns of 'contract' hackers exploiting Citrix, Pulse Secure and F5 VPNs
Where Chinese hackers exploit, Iranians aren't far behind.
So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
Once inside the target network, the Iranians do the usual thing: gain a foothold, establish persistence, and then steal data.
The Iranians are said to make "significant" use of ngrok, which shows up as TCP port 443 connections to "external cloud-based infrastructure", as well as FRPC over network port 7557.
The group is also said to have been offering to sell access to compromised networks on "an underground forum", something CrowdStrike thought may have been an unofficial side hustle from the Iranian government work.