Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

This article has been indexed from Threat Research

On April 20, 2021, Mandiant published detailed results of our
investigations into compromised Pulse Secure devices by suspected
Chinese espionage operators.
This blog post is intended to provide an update on our findings, give
additional recommendations to network defenders, and discuss potential
implications for U.S.-China strategic relations.

  • Mandiant continues to gather evidence and respond to
    intrusions involving compromises of Pulse Secure VPN appliances at
    organizations across the defense, government, high tech,
    transportation, and financial sectors in the U.S. and Europe (Figure
    1).
  • Reverse engineers on the FLARE team have identified four
    additional code families specifically designed to manipulate Pulse
    Secure devices. 
  • We now assess that espionage activity by
    UNC2630 and UNC2717 supports key Chinese government priorities. Many
    compromised organizations operate in verticals and industries
    aligned with Beijing’s strategic objectives outlined in China’s
    recent 14th Five Year Plan.
  • While there is evidence of data
    theft at many organizations, we have not directly observed the
    staging or exfiltration of any data by Chinese espionage actors that
    could be considered a violation of the Obama-Xi agreement.
  • Mandiant Threat Intelligence assesses that Chinese cyber
    espionage activity has demonstrated a higher tolerance for risk and
    is less constrained by diplomatic pressures than previously
    characterized.



Figure 1: Organizations with compromised Pulse Secure devices by vertical and geographic location

Pulse Secure continues to work closely with Mandiant, affected
customers, government partners, and other forensic experts to address
these issues. Pulse Secure’s parent company, Ivanti, has released
patches to proactively address software vulnerabilities and issued
updated Security
Ad

[…]