UPDATED 21:38 EST / APRIL 20 2021

Government agencies breached in hacking campaign targeting Pulse Secure VPN appliances

Multiple U.S. government agencies have been breached by suspected Chinese state-sponsored hackers who exploited vulnerabilities in Pulse Secure LLC virtual private network appliances.

Confirmed by cybersecurity company FireEye Inc., by Pulse Secure itself and by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the attacks are believed to have started around June.

Three of the vulnerabilities exploited in the attacks were previously discovered and patched in 2019 and 2020. The fourth vulnerability was discovered this month and affects a very limited number of customers.

That fourth vulnerability has not yet been patched, but Ivanti Inc., the owner of Pulse Secure since December, said it is working with customers on mitigation strategies until a patch becomes available in early May.

The threat actor is said to be using the access provided by the vulnerabilities to place web shells on the Pulse Connect Secure appliance for further access and persistence. The web shells provide a range of functions, including authentication bypass, multifactor authentication bypass, password logging and persistence that survives patching.

A list of victims was not disclosed. FireEye identified them only as “defense, government and financial organizations around the world,” with a particular focus on the U.S. defense industry.

China has denied being behind the attacks. Chinese Embassy spokesperson Liu Pengyu told Reuters that China “firmly opposes and cracks down on all forms of cyberattacks” and described the allegations as “irresponsible and ill-intentioned.”

“Almost without fail, the common thread with any advanced persistent threat is the exploitation of known vulnerabilities both new and old,” Yaniv Bar-Dayan, chief executive officer and co-founder at cyber remediation orchestration company Vulcan Cyber Ltd., told SiliconANGLE. “Malicious activity, whether using a supply chain vector or a VPN authentication bypass, is thwarted by good cyber hygiene practices and serious blue teaming.”

Vishal Jain, co-founder and chief technology officer at cloud network security service provider Valtix Inc., noted that the old adage of “defense in depth” is still pertinent.

“Network security, tied to automatic rule updates for the latest vulnerabilities to guard against ingress infiltration by the way of virtual patching, prevention of lateral movement with east-west controls and data exfiltration with egress controls, will certainly help,” Jain said.
