The UK’s National Cyber Security Centre (NCSC) has revealed that advanced persistent threat (APT) groups have been misusing newly divulged VPN flaws in enterprise VPN products.

The NCSC, which is part of the UK’s GCHQ intelligence agency, warned companies this week that they may come under attack if they use the compromised products.

The NCSC said that this activity is continuing, targeting British as well as international organizations.

The NCSC said that the APTs have been targeting numerous flaws, including CVE-2019-11510 and CVE-2019-11539, which impact Pulse Secure products, CVE-2018-13379, CVE-2018-13382 and CVE-2018-13383, which impact Fortinet products, and CVE-2019-1579, which affect Palo Alto Networks products.

Soon after their revelation, which included technical details, numerous proof-of-concept (PoC) exploits were made public.

The researchers warned that the faults can be exploited remotely to penetrate corporate networks, snoop on communications, and steal possibly sensitive information.

A few weeks after revelation, the first attack seeks to target Fortinet and Pulse Secure systems were marked.

Researchers from Microsoft’s Threat Intelligence Center disclosed in early September that a threat group traced by the company as MANGANESE had been using the susceptibilities in its attacks since mid-July.

Active since at least 2007, MANGANESE primarily targets telecommunications and technology companies in Asia.

The NCSC’s alert does not stipulate which APTs have been targeting the flaws, but it recommends organizations previously targeted by APTs and companies that have noticed effective manipulation against their VPN to take steps.

In late August, Pulse Secure claimed that most of its customers had already repaired the flaws, but Bad Packets said then that there had been more than 14,000 susceptible Pulse Secure endpoints hosted by over 2,500 organizations.

A fresh update Bad Packets provided disclosed that there had still been over 6,500 weak Pulse Secure endpoints as of September 30, a majority of which are located in the U.S., Japan and the UK.

Related articles

Google Discloses Fixed Bugs in Signal, FB Messenger, JioChat Apps
Miscellaneous

Google Discloses Fixed Bugs in Signal, FB Messenger, JioChat Apps

By CertX
Carbanak Source Code Revealed on VirusTotal
Miscellaneous

Carbanak Source Code Revealed on VirusTotal

By CertX
Researchers discover new malware that contains in 9 Android apps
Malware / Miscellaneous

Researchers discover new malware that contains in 9 Android apps

By CertX
Shade ransomware closes down and issues thousands of decryption keys
Miscellaneous / Security Updates

Shade ransomware closes down and issues thousands of decryption keys

By CertX
Microsoft, other tech companies take down TrickBot botnet
Malware / Miscellaneous

Microsoft, other tech companies take down TrickBot botnet

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *