Chinese APT Hackers Launching Mass Cyber Attack Using Cisco, Citrix, Zoho Exploits to Hack Gov & Private Networks


APT41, a Chinese hacking group, launched a massive cyberattack against dozens of countries around the globe using exploits for vulnerabilities in Cisco, Citrix, and Zoho products.


Several countries are being targeted, including Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK, and USA.

Three main products are being exploited in this attack: Citrix Application Delivery Controller, Cisco routers, and Zoho ManageEngine Desktop Central.


The attackers are targeting governments and private-sector organizations in industries including Healthcare, High Technology, Higher Education, Legal, Manufacturing, Media, Non-profit, Oil & Gas, Petrochemical, Pharmaceutical, Real Estate, Telecommunications, Transportation, Travel, and Utility.


Researchers from FireEye observed the attack activity between January 20 and March 11.


Vulnerability Exploitation Details


The attack was first observed on January 20, 2020, when threat actors attempted to exploit the Citrix Application Delivery Controller (ADC) vulnerability CVE-2019-19781.


The exploitation attempt involved executing the command ‘file /bin/pwd’, which helps the attackers distinguish vulnerable systems from patched ones in the victim’s network.


In February, APT41 actors began downloading an unknown payload named “bsd” over File Transfer Protocol (FTP); the payload appeared to be a backdoor.


According to the FireEye report: “We observed a significant uptick in CVE-2019-19781 exploitation on February 24 and February 25. The exploit behavior was almost identical to the activity on February 1, where only the name of the payl ..
