Security News > 2020 > September > Where China leads, Iran follows: US warns of 'contract' hackers exploiting Citrix, Pulse Secure and F5 VPNs

Where Chinese hackers exploit, Iranians aren't far behind.
So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
Once inside the target network, the Iranians do the usual thing: gain a foothold, establish persistence, and then steal data.
The Iranians are said to make "significant" use of ngrok, which shows up as TCP port 443 connections to "external cloud-based infrastructure", as well as of FRPC over network port 7557.
The group is also said to have been offering to sell access to compromised networks on "an underground forum", something CrowdStrike thought may have been an unofficial side hustle alongside the Iranian government work.
Related news
- Spain arrests suspected hacker of US and Spanish military agencies (source)
- DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system (source)
- Suspected NATO, UN, US Army hacker arrested in Spain (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)