The week has barely started and zero-day exploits are already taking the cyberworld by storm. This time the flaw is in Pulse Secure VPN appliances.
What’s going on?
Reports published by Pulse Secure and FireEye state that a zero-day authentication-bypass flaw in Pulse Connect Secure VPN appliances (CVE-2021-22893) has been exploited by two threat clusters, UNC2630 and UNC2717, which broke into the networks of U.S. defense contractors and government organizations.
The attack and the attackers
UNC2630 is a China-linked cyber espionage group suspected of ties to APT5, a threat actor assessed to operate on behalf of the Chinese government.
The group attacked U.S. Defense Industrial Base (DIB) networks with a set of malware families (webshells, credential stealers and log-wiping utilities) tracked by FireEye as SLOWPULSE, RADIALPULSE, THINBLOOD, PACEMAKER, ATRIUM, PULSECHECK, and SLIGHTPULSE. The attacks took place between August 2020 and March 2021.
UNC2717 was active between October 2020 and March 2021, deploying PULSEJUMP, QUIETPULSE, and HARDPULSE against its targets.
FireEye has not found enough evidence to connect UNC2717 with other APT groups or to attribute it to a government sponsor.
Why does this matter?
Cyberspies have, time and again, sought out flaws in VPN appliances to make their way into networks. VPN exploits are the go-to technique for nation-state hackers because organizations and government agencies rely heavily on VPN software, and the appliances sit at the network edge, outside the reach of most endpoint monitoring. The Pulse Connect Secure exploits can serve as an entry point into a data-rich network.
How to stay safe
Run the latest version of the Pulse Secure Integrity Assurance utility (released in March) on each appliance to detect modified or unexpected files.
Install the latest security patches by Pulse ..
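The first recommendation above relies on file-integrity checking: the malware families named in the report live on the appliance as patched system files or dropped webshells, and both change the file tree relative to a known-good state. The script below, an added example that is not Pulse Secure's Integrity Assurance utility nor any code from the FireEye report, shows what such a check does: it snapshots a directory tree into a SHA-256 manifest, then reports files that were modified, added, or removed. The directory layout and file names (`cgi-bin/login.cgi`, `lib/auth.pm`, `cgi-bin/extra.cgi`) are constructed for the demo and do not correspond to real appliance paths.

```python
"""Illustrative file-integrity check against a known-good SHA-256 manifest.

Added example, not Pulse Secure's Integrity Assurance utility and not code from
the FireEye report. The sample tree and the tampering steps are constructed
inline so the script runs offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative, '/'-separated) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current tree against a known-good manifest.

    'modified': path exists in both but the digest differs (a patched binary);
    'added':    path exists now but not in the manifest (a dropped webshell);
    'missing':  path is in the manifest but gone (deleted or renamed file).
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in current if p in manifest and current[p] != manifest[p]),
        "added": sorted(p for p in current if p not in manifest),
        "missing": sorted(p for p in manifest if p not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree, snapshot it, tamper with it, and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cgi-bin").mkdir()
        (root / "lib").mkdir()
        # Constructed 'clean' appliance files (hypothetical paths, not real Pulse files).
        (root / "cgi-bin" / "login.cgi").write_text("#!/usr/bin/perl\n# original login handler\n")
        (root / "lib" / "auth.pm").write_text("package Auth;\nsub check { return 0 }\n")
        manifest = build_manifest(root)

        # Simulated tampering: patch the auth check to always succeed,
        # drop an extra script, and delete an original file.
        (root / "lib" / "auth.pm").write_text("package Auth;\nsub check { return 1 }\n")
        (root / "cgi-bin" / "extra.cgi").write_text("# hypothetical dropped file\n")
        (root / "cgi-bin" / "login.cgi").unlink()

        return verify(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

One caveat a practitioner should keep in mind: an integrity checker is only trustworthy if the checker itself and its manifest come from a source the attacker could not touch. Run it from a freshly downloaded copy rather than one already stored on a suspect appliance, and keep the known-good manifest off the device being checked.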