

Attacks staged by UNC2630 are believed to have commenced as early as August 2020, before they expanded in October 2020, when UNC2717 began repurposing the same flaws to install custom malware on the networks of government agencies in Europe and the U.S. The incidents continued until March 2021, according to FireEye.

The list of malware families is as follows:

- UNC2630 - SLOWPULSE, RADIALPULSE, THINBLOOD, ATRIUM, PACEMAKER, SLIGHTPULSE, and PULSECHECK
- UNC2717 - HARDPULSE, QUIETPULSE, and PULSEJUMP

Two additional malware strains, STEADYPULSE and LOCKPICK, deployed during the intrusions have not been linked to a specific group, citing lack of evidence.

By exploiting multiple Pulse Secure VPN weaknesses (CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and CVE-2021-22893), UNC2630 is said to have harvested login credentials, using them to move laterally into the affected environments. In order to maintain persistence in the compromised networks, the actor utilized legitimate, but modified, Pulse Secure binaries and scripts to enable arbitrary command execution and inject web shells capable of carrying out file operations and running malicious code.

Ivanti, the company behind the Pulse Secure VPN, has released temporary mitigations to address the authentication bypass vulnerability that enables unauthenticated remote code execution (CVE-2021-22893, CVSS score: 10), while a fix for the issue is expected to be in place by early May. The Utah-based company acknowledged that the new flaw impacted a "very limited number of customers," adding it has released a Pulse Connect Secure Integrity Tool for customers to check for signs of compromise. Pulse Secure customers are advised to upgrade to PCS Server version 9.1R11.4 when it becomes available.

News of compromises affecting government agencies, critical infrastructure entities, and other private sector organizations comes a week after the U.S.
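The persistence technique described above, trojanizing legitimate appliance binaries and scripts and dropping web shells next to them, is exactly what a file-integrity check is meant to surface. The following is an added example of such a check, written for this article; it is not Ivanti's Pulse Connect Secure Integrity Tool and does not reflect that tool's internals. It builds a known-good SHA-256 manifest of a directory tree, then compares the tree against the manifest and reports modified, added, and missing files. The directory layout, file names (`bin/dsserver`, `cgi-bin/login.pl`, `cgi-bin/shell.cgi`) and file contents are constructed for the demonstration and are not taken from a real appliance.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Hash every regular file under root, keyed by its POSIX-style relative path."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_integrity(root, known_good):
    """Compare the current tree with a known-good manifest.

    Returns a dict with three sorted lists:
      modified - paths present in both whose hash differs (tampered binaries/scripts)
      added    - paths on disk that the manifest never listed (dropped web shells)
      missing  - manifest paths that no longer exist (removed or renamed files)
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in known_good if k in current and current[k] != known_good[k]),
        "added": sorted(k for k in current if k not in known_good),
        "missing": sorted(k for k in known_good if k not in current),
    }


def demo():
    """Constructed scenario: snapshot a clean tree, then simulate the tampering and run the check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "cgi-bin").mkdir()
        # Constructed stand-ins for a legitimate binary and a legitimate CGI script.
        (root / "bin" / "dsserver").write_bytes(b"\x7fELF constructed placeholder binary\n")
        (root / "cgi-bin" / "login.pl").write_text("# constructed placeholder login script\n")

        # The manifest must come from a trusted source (vendor media, a pristine install);
        # here it is taken before the simulated compromise for illustration.
        known_good = build_manifest(root)

        # Simulate the actor: append command execution to a legitimate script
        # and drop a new web shell beside it.
        with open(root / "cgi-bin" / "login.pl", "a") as f:
            f.write("system($ENV{'HTTP_X_CMD'}); # constructed injected command execution\n")
        (root / "cgi-bin" / "shell.cgi").write_text("# constructed placeholder web shell\n")

        return check_integrity(root, known_good)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

The check is only as trustworthy as its manifest and the host running it: hashes must come from vendor-supplied media rather than from the possibly-compromised appliance, and on an appliance where the attacker has modified system binaries the comparison should be run from a separate, trusted host against a copied image rather than in place.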
