VPN servers attacked by Chinese cybercriminals

Fortinet and Pulse Secure corporate VPN servers are under attack by a group of Chinese hackers, who obtained detailed information about vulnerabilities in the products after it was publicly revealed at this year's Black Hat security conference.

A group known as APT5 (or Manganese) is carrying out these attacks. According to a recent FireEye report, the group has been active online since 2007 and "appears to be operating from a threatening group made up of various sub-groups, often with different groups, tactics and infrastructure."

The cybersecurity company reports that the group has targeted companies in various sectors, but appears to focus primarily on telecommunications and technology companies, with a particular interest in satellite communications companies.

After detailed information about the Fortinet VPN and Pulse Secure VPN vulnerabilities was revealed during a talk given by Devcore security researchers, a subset of APT5 began scanning the Internet for vulnerable servers from the two companies.

APT5 attacks

The CVE-2018-13379 vulnerability in Fortinet VPN products and the CVE-2019-11510 vulnerability in Pulse Secure VPN products are both "pre-authentication file reads": they allow an attacker to retrieve files from a VPN server without authenticating.

APT5 and other threat actors exploited both vulnerabilities to steal files containing password information or VPN session data from Fortinet and Pulse Secure products. However, those who have observed the attacks have not yet been able to determine whether the group has successfully breached companies or company devices.

Devcore security researchers discovered the Fortinet and Pulse Secure vulnerabilities earlier this year, and the company reported the issues to both vendors. Pulse Secure released a fix in April and Fortinet a month later in May.

However, APT5 was able to continue its attacks because many customers of both companies had not yet patched their devices. If your company has a Fortinet or Pulse Secure VPN server, it is strongly recommended that you patch the device immediately to prevent it from being attacked by APT5 or other cybercriminal groups looking to exploit these vulnerabilities.

Via ZDNet