Suspected Chinese hackers exploit Pulse Secure VPN to compromise “dozens” of US and European agencies and companies

The alarming report highlights how hackers have repeatedly taken advantage of several known flaws and a recently discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of defense industry organizations.

Tuesday’s revelations represent the latest cyber security crisis to hit the US, following the SolarWinds intrusion campaign by Russia’s foreign intelligence service and a series of server software exploits that Microsoft has attributed to Chinese state-sponsored hackers.
The US Department of Homeland Security confirmed the intrusions in its own public notice on Tuesday, urging network administrators to run a tool specifically designed to look for compromises and install an emergency solution published by Ivanti, the owner of Pulse Secure.

The attackers who exploited Pulse Secure are extremely sophisticated and have used their access to steal account credentials and other sensitive data from victims’ organizations, said Charles Carmakal, FireEye’s senior vice president.

“These actors are highly skilled and have in-depth technical knowledge of the Pulse Secure product,” Carmakal said.

Some of the intrusions using the vulnerabilities began as early as August last year, according to the FireEye report. According to the report, the group carrying out the attacks may be working for the Chinese government, and Carmakal added that “there are some similarities between parts of this activity and a Chinese actor we call APT5”.

Other actors have also exploited the vulnerabilities, although FireEye said it is unclear whether they can be linked to a particular government.

In a blog post, Pulse Secure said that the newly discovered flaw affects a “very limited number of customers” and that a more permanent software update will be released in early May to address this vulnerability. Software patches already exist for other vulnerabilities.

“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have experienced evidence of operating behavior on their PCS devices,” said Pulse Secure. “The PCS team provided remedial guidance directly to these customers.”

The company added: “Customers are also encouraged to apply and use the Pulse Secure Integrated Integrity Verification Tool efficiently and easily to identify any unusual activity in their system.”

DHS’s Cybersecurity and Infrastructure Security Agency said it had assisted “several entities” since March 31 whose vulnerable products had been exploited by a cyber threat actor.

“CISA has worked closely with Ivanti, Inc. to better understand the vulnerability of Pulse Secure VPN devices and to mitigate potential risks to federal civilian and private sector networks,” said Nicky Vogt, a spokesman for the agency. “We will continue to provide guidance and recommendations to support potentially affected organizations.”
