According to a FireEye report, hackers with suspected links to China have been actively exploiting vulnerabilities in Pulse Secure VPN appliances since June 2020. The impacted organisations include financial institutions, defence and government agencies in the US and across the globe.

Mandiant recently responded to multiple security incidents involving the exploitation of Pulse Secure VPN appliances. The report examines a new zero-day vulnerability, multiple techniques for bypassing single-factor and multifactor authentication, and malware that persists across upgrades and factory resets on Pulse Secure devices. These techniques are being used by at least two groups, including UNC2630, a group with suspected ties to APT5. Mandiant has identified 12 families of malware specific to Pulse Secure appliances used in this campaign.

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) said that it is aware of the intrusions and released a public advisory urging organisations to immediately run the Pulse Connect Secure Integrity Tool and update to the latest software version. CISA has also issued an Emergency Directive to Federal Civilian Executive Branch agencies. Ivanti, Pulse Secure's parent company, said that a final patch for the vulnerability will be available in May 2021.

Below are some of the comments from cybersecurity experts:

"In recent months, Mandiant has responded to multiple intrusions involving the exploitation of the Pulse Secure VPN solution. Through the course of our investigations, we learned that a zero-day and other known vulnerabilities in the VPN solution were exploited to facilitate intrusions across dozens of organisations including government agencies, financial entities, and defence companies in the US and abroad. We suspect these intrusions align with data and intelligence collection objectives by China. These actors are highly skilled and have deep technical knowledge of the Pulse Secure product. They developed malware that enabled them to harvest Active Directory credentials and bypass multifactor authentication on Pulse Secure devices to access victim networks. They modified scripts on the Pulse Secure system, which enabled the malware to survive software updates and factory resets. This tradecraft enabled the actors to maintain access to victim environments for several months without being detected. Their primary goals are maintaining long-term access to networks, collecting credentials, and stealing proprietary data."
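The modified appliance scripts described above, which survived software updates and factory resets, are exactly the kind of drift an integrity check against a known-good manifest is meant to surface. The script below is an added illustration for this page; it is not Ivanti's Pulse Connect Secure Integrity Tool and not code from Mandiant's report. It compares a directory tree against a sha256sum-style manifest and reports modified, missing and unexpected files. Every file name and content in `demo()` is constructed for the example and is not a real Pulse Secure path.

```python
"""Known-good manifest integrity check (added illustration, not Ivanti's
Pulse Connect Secure Integrity Tool). Compares files under a root directory
against a manifest of expected SHA-256 digests and reports three kinds of
drift: modified, missing and unexpected files."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class IntegrityReport:
    modified: list = field(default_factory=list)    # present, digest differs
    missing: list = field(default_factory=list)     # in manifest, not on disk
    unexpected: list = field(default_factory=list)  # on disk, not in manifest

    def clean(self) -> bool:
        return not (self.modified or self.missing or self.unexpected)


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'sha256  relative/path' lines (sha256sum output format) into a dict."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, rel = line.split(None, 1)
        expected[rel.strip()] = digest.lower()
    return expected


def check_tree(root: str, expected: dict) -> IntegrityReport:
    """Walk `root`, hash every file, and diff the result against `expected`."""
    report = IntegrityReport()
    seen = set()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                report.unexpected.append(rel)      # planted file
            elif sha256_of(full) != expected[rel]:
                report.modified.append(rel)        # tampered file
    for rel in expected:
        if rel not in seen:
            report.missing.append(rel)             # deleted file
    for lst in (report.modified, report.missing, report.unexpected):
        lst.sort()
    return report


def demo() -> IntegrityReport:
    """Constructed sample tree (hypothetical names): after the manifest is taken,
    one script is appended to, one file is deleted and one file is planted."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "bin/login.cgi": b"#!/bin/sh\necho ok\n",
            "bin/session.pl": b"# session handling\n",
            "etc/version": b"9.1R11\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        manifest = "\n".join(
            f"{hashlib.sha256(data).hexdigest()}  {rel}" for rel, data in files.items())
        # Simulated tampering (constructed, not real malware).
        with open(os.path.join(root, "bin/login.cgi"), "ab") as f:
            f.write(b"# appended by attacker\n")
        os.remove(os.path.join(root, "etc/version"))
        with open(os.path.join(root, "bin/.cache.so"), "wb") as f:
            f.write(b"\x7fELF")
        return check_tree(root, parse_manifest(manifest))


if __name__ == "__main__":
    r = demo()
    print("modified:", r.modified, "missing:", r.missing, "unexpected:", r.unexpected)
```

Two caveats follow from the campaign as described. The manifest has to come from a trusted source (vendor-published hashes or a known-good image), not from the appliance being checked, because an appliance whose scripts were already modified has nothing trustworthy to compare against. And since the actors' changes persisted across upgrades and factory resets, a clean result after a reset is not evidence of a clean device; preserve a forensic image of the appliance before any remediation so the modified files can still be examined.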