Iranian Hackers Plant Backdoors Through VPNs | Avast

Avast Security News Team, 21 February 2020

Plus, more news bytes including online casino infiltration and a mobile banking phishing scam.



Taking advantage of VPN vulnerabilities within hours of their public announcement, Iranian government-backed hacking groups have been setting up secret backdoors in various countries around the world since 2019. ZDNet reported that the targeted companies were in the IT, telecommunications, oil & gas, aviation, government, and security industries. The compromised VPNs, all of which are enterprise-grade, include products from Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.
Exploiting the VPNs was only the first part of the plan. The second part involved infiltration of the targeted companies using both existing malware and new, custom-designed malware. The end goal of the mass infection is still unknown, as the backdoors currently seem to be used only for surveillance and reconnaissance. Experts worry that the illicit access points could be used in the future for data-wiping attacks.
Avast Security Evangelist Luis Corrons sees the strategy behind the attacks and acknowledges the danger. “Most companies using the aforementioned VPN vendors are big corporations, which are the likely targets of state-sponsored attacks,” he said. “But the VPN is only the entry point, so even those who patched the security vulnerabilities in a timely manner should assume that their networks could have been compromised and do a thorough analysis of all their servers and endpoints.”
Chinese hackers target online casinos
In more backdoor news, researchers have discovered that a new Chinese hacking group dubbed “CRBControl” has been using secret backdoors to gain access to the infrastructure of online gambling platforms based in Europe, the Middle East, a ..
