Zyxel Warns Customers About Hackers Targeting its Firewalls & VPN Devices

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Zyxel, a manufacturer of enterprise routers and VPN devices, has issued a notification that attackers are targeting its devices and changing configurations to gain remote access to a network. 
According to Zyxel, the attacks targeted the USG, ZyWALL, USG FLEX, ATP, and VPN series using on-premise ZLD firmware. All are multi-purpose networking devices that the company sells to enterprise customers as systems that include VPN, firewall, and load balancing. 
The company stated in an email, “We recently became aware of a sophisticated threat actor targeting a small subset of Zyxel security appliances that have remote management or SSL VPN enabled.” 
According to the vendor, the attacks appear to follow this pattern: the threat actor tries to access a device through the WAN; if successful, the threat actor bypasses authentication and establishes SSL VPN tunnels with unknown user accounts, such as “zyxel slIvpn”, “zyxel ts”, or “zyxel vpn test”, to change the device’s configuration.
Zyxel spokespersons in the United States and the United Kingdom have not responded to requests for additional information. 
At the time of writing, it is unknown whether the attacker is targeting unpatched devices using an existing vulnerability or a never-before-seen flaw known as a “zero-day” in cyber-security circles. It’s also unclear whether the assaults have already resulted in security breaches at any of Zyxel’s customers or

[…]