Alleged Chinese hackers exploited Pulse Secure VPN to breach “dozens” of agencies and companies in the United States and Europe

The alarming report reveals how hackers repeatedly exploited several known flaws and a newly discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to access dozens of defense industry organizations.

Tuesday’s revelations represent the latest cybersecurity crisis to hit the United States, following the SolarWinds intrusion campaign by Russia’s foreign intelligence service and a series of server software exploits that Microsoft has attributed to Chinese state-sponsored hackers.
The U.S. Department of Homeland Security confirmed the intrusions in its own public advisory on Tuesday, urging network administrators to run a special tool designed to look for signs of compromise and to install an emergency mitigation published by Ivanti, the owner of Pulse Secure.

The attackers who exploited Pulse Secure are extremely sophisticated and used their access to steal account credentials and other sensitive data belonging to victim organizations, said Charles Carmakal, senior vice president of FireEye.

“These actors are highly skilled and have a deep technical knowledge of the Pulse Secure product,” Carmakal said.

Some of the intrusions that used the vulnerabilities began as early as August last year, according to the FireEye report. The report says the group that carried out these attacks could be working for the Chinese government, and Carmakal added that “there are some similarities between parts of this activity and a Chinese actor we call APT5.”

Other actors have also taken advantage of the vulnerabilities, although FireEye said it is unclear if they could be related to a particular government.

In a blog post, Pulse Secure said the newly discovered flaw affects a “very limited number of customers” and that a more permanent software update will be issued in early May to address this vulnerability. Software patches are already available for other vulnerabilities.

“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have experienced operational behavior testing on their PCS devices,” Pulse Secure said. “The PCS team has provided remediation guidelines to these customers directly.”

The company added: “Customers are also encouraged to apply and take advantage of the efficient and easy-to-use Pulse Secure Integrity Checker Tool to identify any unusual activity on your system.”

The DHS Cybersecurity and Infrastructure Security Agency said that since March 31 it has helped “multiple entities” whose vulnerable products have been exploited by a cyber-threat actor.

“CISA has worked closely with Ivanti, Inc. to better understand the vulnerability of Pulse Secure VPN devices and mitigate potential risks to federal civil and private sector networks,” agency spokesman Nicky Vogt said Tuesday. “We will continue to provide guidance and recommendations to support potentially affected organizations.”
