Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices

May 28, 2021 by iHash

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks.

FireEye’s Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat clusters UNC2630 and UNC2717, said the intrusions line up with key Chinese government priorities, adding “many compromised organizations operate in verticals and industries aligned with Beijing’s strategic objectives outlined in China’s recent 14th Five Year Plan.”


On April 20, the cybersecurity firm disclosed 12 different malware families, including STEADYPULSE and LOCKPICK, that have been designed with the express intent to infect Pulse Secure VPN appliances and put to use by several cyberespionage groups believed to be affiliated with the Chinese government.

  • UNC2630 – SLOWPULSE, RADIALPULSE, THINBLOOD, ATRIUM, PACEMAKER, SLIGHTPULSE, and PULSECHECK
  • UNC2717 – HARDPULSE, QUIETPULSE, and PULSEJUMP

FireEye’s continued investigation into the attacks as part of its incident response efforts has uncovered four more malware families deployed by UNC2630 — BLOODMINE, BLOODBANK, CLEANPULSE, and RAPIDPULSE — for purposes of harvesting credentials and sensitive system data, allowing arbitrary file execution, and removing forensic evidence.


In addition, the threat actors were observed removing the ATRIUM and SLIGHTPULSE web shells from dozens of compromised VPN devices between April 17 and April 20, behaviour the researchers describe as “unusual,” suggesting “this action displays an interesting concern for operational security and a sensitivity to publicity.”

At the heart of these intrusions lies CVE-2021-22893, a recently patched vulnerability in Pulse Secure VPN devices that the adversaries exploited to gain an initial foothold on the target network. From there they stole credentials, escalated privileges, conducted internal reconnaissance by moving laterally across the network, established long-term persistent access, and accessed sensitive data.

“Both UNC2630 and UNC2717 display advanced tradecraft and go to impressive lengths to avoid detection. The actors modify file timestamps and regularly edit or delete forensic evidence such as logs, web server core dumps, and files staged for exfiltration,” the researchers said. “They also demonstrate a deep understanding of network appliances and advanced knowledge of a targeted network. This tradecraft can make it difficult for network defenders to establish a complete list of tools used, credentials stolen, the initial intrusion vector, or the intrusion start date.”
