SoylentNews is people

posted by martyb on Tuesday February 18 2020, @05:00AM
from the Hack-the-planet! dept.

Submitted via IRC for AndyTheAbsurd

Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.

2019 will be remembered as the year when major security bugs were disclosed in a large number of enterprise VPN servers, such as those sold by Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.

A new report published today reveals that Iran's government-backed hacking units made it a top priority last year to exploit VPN bugs as soon as they became public in order to infiltrate and plant backdoors in companies all over the world.

According to a report from cyber-security firm ClearSky, Iranian hackers have targeted companies "from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors."

[...] ClearSky says that "Iranian APT[*] groups have developed good technical offensive capabilities and are able to exploit 1-day vulnerabilities in relatively short periods of time."

In some instances, ClearSky says it observed Iranian groups exploiting VPN flaws within hours after the bugs had been publicly disclosed.

[...] ClearSky says that in 2019, Iranian groups were quick to weaponize vulnerabilities disclosed in the Pulse Secure "Connect" VPN (CVE-2019-11510), the Fortinet FortiOS VPN (CVE-2018-13379), and Palo Alto Networks "Global Protect" VPN (CVE-2019-1579).

Attacks against these systems began last summer, when details about the bugs were made public, but they've also continued in 2020.

Furthermore, as details about other VPN flaws were made public, Iranian groups also included these exploits in their attacks (namely CVE-2019-19781, a vulnerability disclosed in Citrix "ADC" VPNs).

[...] According to the ClearSky report, the purpose of these attacks is to breach enterprise networks, move laterally throughout their internal systems, and plant backdoors to exploit at a later date.

While the first stage (breaching) of their attacks targeted VPNs, the second phase (lateral movement) involved a comprehensive collection of tools and techniques, showing just how advanced these Iranian hacking units have become in recent years.

For example, hackers abused a long-known technique to gain admin rights on Windows systems via the "Sticky Keys" accessibility tool [1, 2, 3, 4].

They also exploited open-sourced hacking tools like JuicyPotato and Invoke the Hash, but they also used legitimate sysadmin software like Putty, Plink, Ngrok, Serveo, or FRP.

[...] Furthermore, taking into account the conclusions of the ClearSky report, we can also expect that Iranian hackers will also pounce on the opportunity to exploit new VPN flaws once they become public.

This means that we can expect that Iranian hackers will most likely target SonicWall SRA and SMA VPN servers in the future, after security researchers published details earlier this week about six vulnerabilities impacting these two products.

[*] APT - Advanced Persistent Threat — a term often used to describe nation-state hacking units

Source: https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/


  • (Score: 4, Informative) by c0lo on Tuesday February 18 2020, @05:24AM (8 children)

    by c0lo (156) on Tuesday February 18 2020, @05:24AM (#959447)

    ClearSky says that "Iranian APT[*] groups have developed good technical offensive capabilities and are able to exploit 1-day vulnerabilities in relatively short periods of time."

    You mean, Israel is not the only party with hacking capabilities [wikipedia.org] today?
    I mean, those brazen ragtags could actually learn from what has happened to them and respond in kind?

    What's with the "what comes around goes around" and karma mysticism? We're living in the 21st century, this can't be happening; only the western world is supposed to be capable of such feats, with impunity no less.

    (point: the best defense is to close the vulns as soon after their discovery as possible; trying to exploit them offensively is a losing game in the long term. Whoever tells you otherwise is not your friend).

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 1, Redundant) by fustakrakich on Tuesday February 18 2020, @06:31AM (7 children)

      by fustakrakich (6150) on Tuesday February 18 2020, @06:31AM (#959455)

      Nobody knows if it's Iranians or Texans... Shit's too easy to spoof. Why the hell should we believe the tabloids?

      --
      Politics and criminals are the same thing..
      • (Score: 3, Funny) by MostCynical on Tuesday February 18 2020, @07:09AM (5 children)

        by MostCynical (2589) on Tuesday February 18 2020, @07:09AM (#959464)

        Look, stop with the identity politics.. If they identify as Iranian, isn't that good enough?

        --
        "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
        • (Score: 2) by c0lo on Tuesday February 18 2020, @07:25AM (4 children)

          by c0lo (156) on Tuesday February 18 2020, @07:25AM (#959467)

          If they identify as Iranian, isn't that good enough?

          Nope.
          True, accepting them for whatever they identify with is the first necessary step.
          However, it is not sufficient: one needs to walk all the steps on the inclusion path as well.

          (grin)

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
          • (Score: 2) by MostCynical on Tuesday February 18 2020, @07:47AM (3 children)

            by MostCynical (2589) on Tuesday February 18 2020, @07:47AM (#959470)

            Go all the way: cut off a leg, wear a coat and head scarf, and call yourself a one-legged, lesbian, Iranian hacker.

            --
            "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
            • (Score: 2) by c0lo on Tuesday February 18 2020, @09:25AM (2 children)

              by c0lo (156) on Tuesday February 18 2020, @09:25AM (#959476)

              Or else...?

              --
              https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
              • (Score: 2) by MostCynical on Tuesday February 18 2020, @11:14AM (1 child)

                by MostCynical (2589) on Tuesday February 18 2020, @11:14AM (#959490)

                Maybe the government will just declare you to be a particular minority, until there are the same number of all minorities, and no majorities (yay, set theory)

                --
                "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
                • (Score: 2) by c0lo on Tuesday February 18 2020, @11:33AM

                  by c0lo (156) on Tuesday February 18 2020, @11:33AM (#959491)

                  I still don't see how this is related to the still necessary inclusion.
                  Like in "no, accepting the identity is not good enough"

                  --
                  https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @08:28PM

        by Anonymous Coward on Tuesday February 18 2020, @08:28PM (#959651)

        Redundant? Please! It's no more so than the oft repeated propaganda in the story to roust the natives into picking up their pitchforks and tiki torches.

  • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @06:28AM (3 children)

    by Anonymous Coward on Tuesday February 18 2020, @06:28AM (#959453)

    You don't prefix "american" to "hacker" stories, do you?

    • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @06:35AM (1 child)

      by Anonymous Coward on Tuesday February 18 2020, @06:35AM (#959456)

      They're all gainfully employed.

      • (Score: 3, Funny) by c0lo on Tuesday February 18 2020, @07:28AM

        by c0lo (156) on Tuesday February 18 2020, @07:28AM (#959468)

        It's called being a patriot, you insensitive clod.
        Unlike that Snowden traitor.

        (grin)

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 2) by nobu_the_bard on Tuesday February 18 2020, @02:13PM

      by nobu_the_bard (6373) on Tuesday February 18 2020, @02:13PM (#959517)

      American hackers mostly don't hack Americans so it doesn't make the American news as much.

      Imperfect example, but was the first hit I got on a search: https://www.aljazeera.com/news/2019/04/hackers-helped-uae-spy-al-jazeera-chairman-reuters-190401170548562.html [aljazeera.com]

      I don't know if it's true but I've heard it's similar in other countries.

      I know for sure, many malware actually try to avoid infecting computers in their country of origin. It's not that they're patriotic usually, it's usually that it's harder to prosecute them if their only crimes were committed on foreign soil.

  • (Score: 3, Insightful) by Kitsune008 on Tuesday February 18 2020, @04:08PM (1 child)

    by Kitsune008 (9054) on Tuesday February 18 2020, @04:08PM (#959557)

    Okay, now the Iranians have joined in on the hackfest that's been ongoing for years. One more entity, among multitudes already active, hardly makes a difference.

    Until something truly catastrophic happens, network security will not improve enough to make a real difference. It's not a new problem, people, it's been ongoing for decades.

    It is best to lube your asshole before burying your head in the sand, as it will leave that naive ass sticking up in the air to be fscked. Human nature being what it is, some joker WILL tap that ass.

    • (Score: 1, Funny) by Anonymous Coward on Tuesday February 18 2020, @07:23PM

      by Anonymous Coward on Tuesday February 18 2020, @07:23PM (#959632)

      The Crack of Doom.
