Zyxel Warns Customers About Hackers Targeting its Firewalls & VPN Devices


Zyxel, a manufacturer of enterprise routers and VPN devices, has issued a notification that attackers are targeting its devices and changing their configurations to gain remote access to the network behind them. According to Zyxel, the attacks targeted the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. All are multi-purpose networking devices that the company sells to enterprise customers as systems that combine VPN, firewall, and load-balancing functions.

The company stated in an email, “We recently became aware of a sophisticated threat actor targeting a small subset of Zyxel security appliances that have remote management or SSL VPN enabled.”

As per the vendor's information, the attacks appear to follow this pattern: the threat actor tries to access a device through the WAN; if successful, the threat actor bypasses authentication and establishes SSL VPN tunnels with unknown user accounts, such as “zyxel slIvpn”, “zyxel ts”, or “zyxel vpn test”, to change the device's configuration.

Zyxel spokespersons in the United States and the United Kingdom have not responded to requests for additional information. At the time of writing, it is unknown whether the attacker is targeting unpatched devices using an existing vulnerability or a never-before-seen flaw, known as a "zero-day" in cyber-security circles. It is also unclear whether the attacks have already resulted in security breaches at any of Zyxel's customers, or whether the vendor discovered the activity early with honeytraps and is now alerting clients ahead of a potentially larger wave of incoming attacks. Despite this, the vendor appears to believe that the attacks can be avoided. According to the research, The Record's experts advised that maintaining a proper security policy for remote access is currently the most effective way to reduce the attack surface and cert ..
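As an added, defender-side check (this is not code from Zyxel or from the article), the script below compares the accounts present on an appliance against an expected baseline and flags both the account names quoted above and any account the baseline does not know. The `username <name> ...` line shape of the exported account list, the baseline, and the sample export are constructed assumptions, not Zyxel's actual export format.

```python
import re

# Account names quoted in the Zyxel notice, as reproduced on this page.
# Matching ignores case and separators, because extraction or CLI output
# may render "zyxel_vpn_test" as "zyxel vpn test".
ROGUE_ACCOUNTS = {"zyxel slIvpn", "zyxel ts", "zyxel vpn test"}


def normalize(name: str) -> str:
    """Lower-case and strip spaces, underscores and hyphens so that
    'zyxel vpn test' and 'zyxel_vpn_test' compare equal."""
    return re.sub(r"[\s_\-]+", "", name).lower()


ROGUE_NORMALIZED = {normalize(n) for n in ROGUE_ACCOUNTS}

# Assumed line shape for an exported account list: 'username <name> ...'.
USER_LINE = re.compile(r"^\s*username\s+(\S+)")


def extract_accounts(config_lines):
    """Return the account names found in the exported account list."""
    return [m.group(1) for line in config_lines if (m := USER_LINE.match(line))]


def audit_accounts(config_lines, baseline):
    """Classify each account as 'rogue' (matches a name from the notice),
    'unexpected' (absent from the baseline) or 'ok'."""
    expected = {normalize(n) for n in baseline}
    findings = {}
    for name in extract_accounts(config_lines):
        key = normalize(name)
        if key in ROGUE_NORMALIZED:
            findings[name] = "rogue"
        elif key not in expected:
            findings[name] = "unexpected"
        else:
            findings[name] = "ok"
    return findings


# Constructed sample export and baseline (not real device output).
BASELINE = {"admin", "vpn-user1"}
SAMPLE_EXPORT = """
username admin password ****** user-type admin
username vpn-user1 password ****** user-type user
username zyxel_vpn_test password ****** user-type admin
username zyxel_ts password ****** user-type admin
username backup-ops password ****** user-type user
""".splitlines()

if __name__ == "__main__":
    for account, verdict in audit_accounts(SAMPLE_EXPORT, BASELINE).items():
        print(f"{verdict:10} {account}")
```

Anything reported as rogue or unexpected should be treated as a sign that the device's configuration was altered and investigated before remote access is trusted again.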
