Security News > 2021 > July > CISA Details Malware Used in Attacks Targeting Pulse Secure Devices
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.
CISA warned in April that threat actors had been exploiting four vulnerabilities - including one zero-day flaw tracked as CVE-2021-22893 - in Pulse Connect Secure VPN appliances offered by Pulse Secure, a company that was acquired last year by Ivanti.
In late March, the vendor released the Pulse Secure Connect Integrity Tool, which has enabled customers to detect compromised appliances within their environments.
CISA previously released indicators of compromise, mitigations, and information on the techniques, tactics and procedures used by the threat actors in these attacks.
In most cases, the malicious files are modified versions of Pulse Secure system applications.
Shortly after the attacks targeting the Pulse Secure appliances came to light, FireEye reported that a Chinese threat actor had started covering its tracks by removing its webshells from compromised networks.
News URL
Related news
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2021-22893 | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | 10.0 |