Iranian hackers have been hacking VPN servers to plant backdoors


    Fox Kitten - Widespread Iranian Espionage-Offensive Campaign

    Posted: 21 Feb 2020

    2019 will be remembered as the year when major security bugs were disclosed in a large number of enterprise VPN servers, such as those sold by Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.

    A new report published today reveals that Iran's government-backed hacking units made it a top priority last year to exploit VPN bugs as soon as they became public in order to infiltrate and plant backdoors in companies all over the world.

    According to a report from cyber-security firm ClearSky, Iranian hackers have targeted companies "from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors."


    The report comes to dispel the notion that Iranian hackers are not sophisticated and are less talented than their Russian, Chinese, or North Korean counterparts.

    ClearSky says that "Iranian APT groups have developed good technical offensive capabilities and are able to exploit 1-day vulnerabilities in relatively short periods of time."

    In some instances, ClearSky says it observed Iranian groups exploiting VPN flaws within hours after the bugs had been publicly disclosed.

    *APT stands for advanced persistent threat and is a term often used to describe nation-state hacking units.

    ClearSky says that in 2019, Iranian groups were quick to weaponize vulnerabilities disclosed in the Pulse Secure "Connect" VPN (CVE-2019-11510), the Fortinet FortiOS VPN (CVE-2018-13379), and Palo Alto Networks "Global Protect" VPN (CVE-2019-1579).

    Attacks against these systems began last summer, when details about the bugs were made public, but they've also continued in 2020.

    Furthermore, as details about other VPN flaws were made public, Iranian groups also included these exploits in their attacks (namely CVE-2019-19781, a vulnerability disclosed in Citrix "ADC" VPNs).

    Posted By: Brink

