APT groups are exploiting outdated VPNs to spy on international targets, U.K. and U.S. warn

[InfoSec News <alerts () infosecnews org>]

https://www.cyberscoop.com/vpn-vulnerabilities-china-apt-palo-alto/

By Jeff Stone
CYBERSCOOP
October 7, 2019

International hacking groups are exploiting vulnerabilities in virtual private 
network technologies to steal user credentials and monitor sensitive traffic, 
the United Kingdom’s National Cyber Security Centre said, amid recent warnings 
that the Chinese government has used similar tactics to collect intelligence.

The NCSC, an offshoot of Britain’s intelligence agency, the GCHQ, said on Oct. 
2 hackers are leveraging outdated versions of Palo Alto Networks, Fortinet and 
Pulse Secure products. The U.S. Department of Homeland Security’s Cybersecurity 
and Infrastructure Agency published its own advisory on the vulnerabilities, 
which attackers could use to take over an affected system, on Oct. 4.

Neither warning speculates on who may be behind the attack, though the alerts 
come after Microsoft in August said Manganese, a Chinese hacking collective 
also known as APT5, was focusing attacks on Pulse Secure and Fortinet products. 
Pulse Secure, Palo Alto and Fortinet have each released security updates for 
all of the affected products.

“This activity is ongoing, targeting both U.K. and international 
organisations,” the NCSC advisory stated. “Affected sectors include government, 
military, academic, business and healthcare. These vulnerabilities are well 
documented in open source.”

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_