The actions of this group have become known, but no one can be sure that no other team will attempt to exploit these vulnerabilities. The UK's National Cyber Security Centre (NCSC) warns organizations that Palo's GlobalProtect portal and GlobalProtect Gateway interface are also being attacked by hackers. These attacks are still ongoing and target not only British but also international organizations in sectors such as government, military, academia, business and healthcare.
The NCSC listed the 6 biggest vulnerabilities exploited by the groups hacking VPN products. Patches are available for each vulnerability, and admins are advised to apply them immediately to avoid compromise, as the attackers' code is available online.
The VPN defects allow hackers to obtain access credentials that can be used to connect to the VPN and change settings.
- The defects affecting the Pulse Connect Secure VPN are CVE-2019-11510 and CVE-2019-11539.
- The defects affecting Fortinet's Fortigate devices are CVE-2018-13379, CVE-2018-13382 and CVE-2018-13383.
- The defect affecting both Palo's GlobalProtect portal and GlobalProtect Gateway interface is CVE-2019-1579.
The NCSC recommends that organizations targeted by government-backed hackers check all settings and logs for services that users connect to via VPN.
It also recommends that the appliances be thoroughly cleaned if they have been previously attacked. In addition, organizations should implement two-factor authentication for the VPN and disable redundant features and ports on the VPN.