China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way
2021-04-20 22:20

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances - including a zero-day flaw that won't be patched until next month.

On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways.

FireEye/Mandiant in an advisory said it was tracking 12 malware families, focused on circumventing authentication and providing backdoor access, that have been linked to the exploitation of Pulse Secure VPN devices.

"In each intrusion, the earliest evidence of attacker activity traced back to DHCP IP address ranges belonging to Pulse Secure VPN appliances in the affected environment," the biz added.

Carmakal said the snoops operating as UNC2630 have developed deep technical knowledge of the Pulse Secure product, in order to maintain long-term access to networks for credential harvesting and data theft.

The security firm also said it had spotted an OpenSSL library file that had been modified in a way that could weaken the encryption used to protect communication on Pulse Secure systems.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/04/20/china_pulse_connect_secure_vpn/