Top VPNs attacked by Chinese cybercriminals

Some of the world's leading VPN servers are currently being attacked by a group of government-sponsored Chinese hackers after details of security vulnerabilities in their products were released at this year's Black Hat Security Conference.

A group called APT5 (also known as Manganese) is conducting attacks against Fortinet and Pulse Secure corporate servers.

According to a recent report by FireEye, the group has been active since 2007 and "appears to be a large threat group consisting of multiple subgroups, often with different tactics and infrastructures."

The cybersecurity firm indicates that the group targets companies across a variety of industries, with a clear focus on telecoms and technology companies and a particular interest in satellite communications companies.

APT5 attacks

After details of vulnerabilities in Fortinet and Pulse Secure VPN servers became known during a talk by security researchers at Devcore, a subset of APT5 began searching the Internet for vulnerable servers from both companies.

CVE-2018-13379 in Fortinet's VPN products and CVE-2019-11510 in Pulse Secure's VPN products are both "pre-auth file reads": vulnerabilities that let an attacker retrieve files from a VPN server without having to authenticate.

APT5 and other cyber threat actors have exploited these two vulnerabilities to steal files containing password information or VPN session data from Fortinet and Pulse Secure products. However, those observing the attacks have not yet determined whether the group has succeeded in breaching a company's devices.

Devcore security researchers discovered the security holes in Fortinet and Pulse Secure products earlier this year, and the company reported the issues to both vendors. Pulse Secure released a patch in April and Fortinet released a patch a month later in May.

However, APT5 was able to continue its attacks because many customers of both companies have not yet patched their devices. If your organization has a Fortinet or Pulse Secure VPN server, it is strongly recommended that you patch your device immediately to avoid becoming the victim of an attack by APT5 or other cybercriminals wishing to exploit these vulnerabilities.

About ZDNet
