Chinese hacker spies continue to target Pulse Secure VPNs

Cybersecurity researchers at FireEye have uncovered additional tactics, techniques and procedures (TTPs) adopted by Chinese hackers who were recently found to be abusing Pulse Secure VPNs to drop malicious web shells and gain access to sensitive network information.

The FireEye Secret Threat Team, which monitors the cyber espionage under two threat groups, UNC2630 and UNC2717, said the intrusions were in line with key priorities of the Chinese government, adding that “many organizations agree to work in the same direction with Beijing objectives outlined in China’s 14th Five-Year Plan.”

On April 20, the cybersecurity company uncovered 12 different malware families, including STEADYPULSE and LOCKPICK, which were expressly designed to infect Pulse Secure VPNs and to be used by various cyber-espionage groups.

At the heart of these intrusions is CVE-2021-22893, a recently fixed vulnerability in Pulse Secure VPNs that the adversaries exploited to gain initial access to the target network, using it to steal credentials, change administrative privileges, and move laterally across the entire network before gaining persistent access to sensitive data.

[The Hacker News]
