APT: China-Based Threat Group Attacks Pulse Secure VPNs

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Several hacker groups believed to support China's long-term economic goals continue to operate in defense, high-tech, public, transportation, and financial services industry networks in the US and Europe.
In many breaches, Chinese threat actors penetrated Pulse Secure VPN devices to break into an organization's network and steal confidential material.
In several other incidents, the attackers took full advantage of the Pulse Connect Secure (PCS) authentication bypass vulnerability (CVE-2021-22893) to enter the victim's network. The intruders also gained control using a combination of previously known vulnerabilities. Meanwhile, last month, the authentication bypass flaw was detected and rectified.
Mandiant issued a warning this week to U.S. and European organizations about China's advanced persistent threat (APT) activity. In the alert, Mandiant focused on a battery of malware tools used to exploit vulnerabilities in Pulse Secure VPN devices by two China-based groups: UNC2630 and UNC2717. Mandiant said that UNC2630 had targeted US military industry groups and UNC2717 had attacked an EU entity.
“The exploitation activity we have observed is a mix of targeting unpatched systems with CVEs from 2019 and 2020, as well as a previously unpatched 2021 CVE (CVE-2021-22893),” says Stephen Eckels, a reverse engineer at Mandiant. “Since our original report, Pulse Secure and Mandiant have worked together, and the zero-day has since been patched.” 