The alarming report highlights how hackers have repeatedly taken advantage of several known bugs and one newfound vulnerability in Pulse Secure VPN, a remote connectivity tool, to gain access to dozens of organizations in the defense industry.
The attackers who exploited Pulse Secure were extremely sophisticated and used their access to steal bills and other sensitive data from victim organizations, said Charles Carmakal, senior vice president of FireEye.
“These actors are highly skilled and have deep technical knowledge of the Pulse Secure product,” Carmakal said.
Some of the exploitation of the vulnerabilities started as early as August last year, according to the FireEye report. The actor carrying out the attacks possibly works for the Chinese government, and Carmakal added that there are “some similarities between portions of this activity and a Chinese actor we call APT5.”
Other actors also took advantage of the vulnerabilities, but FireEye said it was unclear whether they could be linked to a specific government.
“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have had evidence of exploitation on their PCS devices,” Pulse Secure said. “The PCS team provided immediate remediation to these customers.”
It also said: “Customers are also encouraged to use the efficient and easy-to-use Pulse Secure Integrity Checker Tool to identify any unusual activity on their system.”
The DHS Cybersecurity and Infrastructure Security Agency said it had been assisting “several entities” whose vulnerable products had been exploited by a cyber-threat actor since March 31.
“CISA has partnered closely with Ivanti, Inc. to better understand the vulnerabilities in Pulse Secure VPN devices and to reduce potential risks to federal networks in the civil and private sectors,” Nicky Vogt, a spokeswoman for the agency, said Tuesday. “We will continue to provide guidance and recommendations to support organizations that may be affected.”