Security News > 2021 > June > Chinese threat actors hacked NYC MTA using Pulse Secure zero-day
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day.
MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert on the Pulse Secure zero-day exploited in the attack.
The malware is custom-tailored for compromising Pulse Secure VPN appliances and used to maintain long-term access to networks, collect credentials, and steal proprietary data.
The zero-day was exploited together with other Pulse Secure bugs to hack the networks of dozens of US and European organizations across several verticals, including defense, government, high tech, transportation, and financial sectors.
A day later, the US Cybersecurity and Infrastructure Security Agency issued an emergency directive ordering federal agencies to mitigate the security flaw within two days by disabling the Pulse Secure Collaboration and Windows File Share Browser features.
Pulse Secure issued security updates to address the zero-day bug on May 3 and also released the Pulse Connect Secure Integrity Tool that helps organizations check if hackers modified files on their Pulse Secure appliances.