Suspected Chinese hackers exploited Pulse Secure VPN to compromise ‘dozens’ of agencies and companies in US and Europe

For months, hackers with suspected ties to China have exploited a popular workplace tool to break into government agencies, defense companies and financial institutions in the US and Europe, according to a report by the cybersecurity firm FireEye.

The alarming report highlights how hackers repeatedly took advantage of several known flaws and one newly discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of organizations in the defense industrial sector.

Tuesday’s revelations represent the latest cybersecurity crisis to hit the US, following the SolarWinds intrusion campaign by Russia’s foreign intelligence service and a raft of server software exploits that Microsoft has attributed to Chinese state-sponsored hackers.

The US Department of Homeland Security confirmed the intrusions in its own public advisory Tuesday, urging network administrators to run a special tool designed to scan for signs of compromise and to install an emergency workaround published by Ivanti, the owner of Pulse Secure.

The attackers who exploited Pulse Secure are extremely sophisticated and used their access to steal account credentials and other sensitive data belonging to victim organizations, said Charles Carmakal, FireEye’s senior vice president.

“These actors are highly skilled and have deep technical knowledge of the Pulse Secure product,” Carmakal said.

Some of the intrusions using the vulnerabilities began as early as August of last year, according to FireEye’s report. The group conducting those attacks may be working for the Chinese government, the report said, and Carmakal added that “there are some similarities between portions of this activity and a Chinese actor we call APT5.”

Other actors have exploited the vulnerabilities as well, though FireEye said it’s unclear whether they may be linked to a particular government.

In a blog post, Pulse Secure said the newly discovered flaw affects a “very limited number of customers” and that a more permanent software update to address that vulnerability will be issued in early May. Software patches already exist for the other vulnerabilities.

“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have experienced evidence of exploit behavior on their PCS appliances,” Pulse Secure said. “The PCS team has provided remediation guidance to these customers directly.”

It added: “Customers are also encouraged to apply and leverage the efficient and easy-to-use Pulse Secure Integrity Checker Tool to identify any unusual activity on their system.”

DHS’ Cybersecurity and Infrastructure Security Agency said that since March 31, it has assisted “multiple entities” whose vulnerable products have been exploited by a cyber threat actor.

“CISA has been working closely with Ivanti, Inc. to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private sector networks,” Nicky Vogt, an agency spokesperson, said Tuesday. “We will continue to provide guidance and recommendations to support potentially impacted organizations.”


Steve Talks with Van Halen Bassist Michael Anthony!

Steve Talks with Van Halen Bassist Michael Anthony!

Steve Gorman Rocks! Interview Steve got the chance to catch up with Van Halen bassist Michael Anthony on Friday! Michael reminisced on the first time he heard Sammy Hagar sing, immediately realizing Van Halen had a new frontman. He talked about his work with superbands Chickenfoot and The Circle, and looked back on Van Halen’s worldwide dominance!

Steve Talks with Sammy Hagar!

Steve Talks with Sammy Hagar!

Steve Gorman Rocks! Interview Steve had the chance to catch up with the Red Rocker himself, Sammy Hagar! They chatted about the moment Sammy “became the leader” of Van Halen, reminisced about Eddie Van Halen and his legacy, and talked about how different it was recording an album during a pandemic. Sammy’s current band The…

New Jim Morrison Writings to be Released in June!

New Jim Morrison Writings to be Released in June!

The world will see new Jim Morrison for the first time in decades as “The Collected Works” has been unearthed and gathered together for release. Before his death in 1971, the Doors frontman handwrote a list titled “Plan for Book” that includes unrecorded lyrics, poetry, excerpts from notebooks, and even a film treatment. David Browne…

Steve Talks with Cheap Trick’s Rick Nielsen!

Steve Talks with Cheap Trick’s Rick Nielsen!

Steve Gorman Rocks! Interview: Steve had a chance to catch up with one of our favorite people, Rick Nielsen of Cheap Trick! Rick talked about Cheap Trick’s legacy, their new killer single “Light Up The Fire”, and reminisced about touring days and fun on the road. Check out the interview below!        …