CISA Details Malware Used in Attacks Targeting Pulse Secure Devices
2021-07-22 11:52

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.

CISA warned in April that threat actors had been exploiting four vulnerabilities - including one zero-day flaw tracked as CVE-2021-22893 - in Pulse Connect Secure VPN appliances offered by Pulse Secure, a company that was acquired last year by Ivanti.

In late March, the vendor released the Pulse Secure Connect Integrity Tool, which has enabled customers to detect compromised appliances within their environments.

CISA previously released indicators of compromise, mitigations, and information on the techniques, tactics and procedures used by the threat actors in these attacks.

In most cases, the malicious files are modified versions of Pulse Secure system applications.

Shortly after the attacks targeting the Pulse Secure appliances came to light, FireEye reported that a Chinese threat actor had started covering its tracks by removing its webshells from compromised networks.


News URL

http://feedproxy.google.com/~r/securityweek/~3/vfl56scBmp0/cisa-details-malware-used-attacks-targeting-pulse-secure-devices

Related Vulnerability

Date: 2021-04-23
CVE: CVE-2021-22893
Vulnerability title: Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1
Description: Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
Vendor: ivanti
Weakness: CWE-416
Risk: critical, 10.0 (network, low complexity)