Security News > 2020 > September > Where China leads, Iran follows: US warns of 'contract' hackers exploiting Citrix, Pulse Secure and F5 VPNs

Where Chinese hackers exploit, Iranians aren't far behind.
So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
Once inside the target network, the Iranians do the usual thing: gain a foothold, establish persistence, and then steal data.
The Iranians are said to make "significant" use of ngrok, which shows up as TCP port 443 connections to "external cloud-based infrastructure", as well as FRPC over network port 7557.
The group is also said to have been offering to sell access to compromised networks on "an underground forum", something CrowdStrike thought may have been an unofficial side hustle from the Iranian government work.