Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass - Help Net Security


The FireEye Mandiant team has discovered multiple threat actors exploiting a zero-day vulnerability in Pulse Secure VPN appliances. The attack infrastructure is very sophisticated. The attacks persist in the VPN appliances, even across software updates; they change read-only filesystems to read-write filesystems and use a variety of mechanisms to evade detection.


A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system.


Multiple sites in the USA and European Union have been targeted. There is no information yet as to whether, or which, industrial or critical infrastructure sites might have been targeted.


Beyond the immediate ..
