News Cybercriminals attacked US and European organizations after 0-day in Pulse Connect Secure

Posted by al capone
In total, experts identified 12 malware families associated with attacks on Pulse Secure VPN.

Attackers are breaking into corporate networks through a zero-day vulnerability in Pulse Connect Secure gateways (CVE-2021-22893), for which no patch had been released at the time of publication. According to researchers at the information security company FireEye, at least two hacker groups are exploiting the vulnerability in attacks on defense, government and financial organizations in the United States and other countries.

According to the researchers, the attackers combine this new vulnerability, discovered in April 2021, with already known vulnerabilities in Pulse Secure VPN to gain initial access to corporate networks. In total, the experts identified 12 malware families associated with attacks on Pulse Secure VPN installations.

The two hacker groups, UNC2630 and UNC2717, are responsible for the attacks on networks of the US defense industrial base and on a European organization, respectively. The experts link UNC2630 to the Chinese government and suggest that it is related to the APT5 hacker group. UNC2630 carried out its attacks from August to October 2020, after which UNC2717 came into play. The second group exploited the vulnerability to deploy custom malware samples in the networks of government organizations in Europe and the United States.

Malware families attributed to UNC2630: SLOWPULSE, RADIALPULSE, THINBLOOD, ATRIUM, PACEMAKER, SLIGHTPULSE and PULSECHECK. Malware families attributed to UNC2717: HARDPULSE, QUIETPULSE and PULSEJUMP. Two further families deployed during the attacks, STEADYPULSE and LOCKPICK, could not be attributed to a specific group for lack of information.

By exploiting vulnerabilities in Pulse Secure VPN (CVE-2019-11510, CVE-2020-8260, CVE-2020-8243 and CVE-2021-22893), UNC2630 harvested credentials and used them to move laterally through the compromised environment. To maintain persistence on the compromised network, the hackers used modified versions of legitimate Pulse Secure code and scripts to execute arbitrary commands and plant web shells on the appliance.