Tomcat
Financial and telecommunications companies in Eastern Europe and Central Asia have been hit by a series of cyber attacks aimed at stealing funds or financial data. According to Kaspersky Lab, the criminals tried to withdraw several million dollars from each financial organization, while in the corporate networks of telecom companies they were after data that would give them access to financial information.
All the attacks shared a number of common factors, in particular the technology used and a single point of entry: the corporate VPN solutions installed in every affected company. To achieve their goal, the criminals exploited CVE-2019-11510 (affecting Pulse Secure Pulse Connect Secure), which allows an unauthenticated attacker to read arbitrary files using a specially crafted URI.
Tools for exploiting this vulnerability are freely available on the Internet; with them, attackers can obtain credentials for administrator accounts on the corporate network and, accordingly, access valuable information.
Having studied the tactics and techniques used, the experts concluded that the organizers of the attacks are most likely Russian-speaking. This vulnerability has already been exploited in the past by various cybercriminal groups. For example, attempts to exploit vulnerabilities in VPN solutions from Fortinet and Pulse Secure were recorded in August of this year, and a month later the Chinese pro-government group APT5 (Manganese) tried to use the same vulnerabilities to break into telecommunications and technology companies.
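Since the entry point described above is an arbitrary file read through a crafted URI on the VPN appliance, a defender's first question is whether such requests appear in the appliance's or reverse proxy's access logs. The following is an added example (not from the post or from Kaspersky Lab) that scans constructed access-log lines for path-traversal sequences, decoding percent-encoding repeatedly so double-encoded variants are caught, and flags requests that returned a 2xx with a body as likely successful reads. The `/sslvpn/` portal path and all addresses are placeholders, not any vendor's real paths.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed Apache combined-style access-log lines (no real traffic).
# The "/sslvpn/" portal path is a placeholder, not a vendor's real path.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2019:10:01:02 +0000] "GET /sslvpn/portal/welcome.cgi HTTP/1.1" 200 5123
203.0.113.5 - - [10/Dec/2019:10:01:09 +0000] "GET /sslvpn/../../../../../../etc/passwd HTTP/1.1" 200 1849
198.51.100.7 - - [10/Dec/2019:10:02:11 +0000] "GET /sslvpn/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1849
198.51.100.7 - - [10/Dec/2019:10:02:15 +0000] "GET /sslvpn/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0
192.0.2.9 - - [10/Dec/2019:10:03:00 +0000] "POST /sslvpn/portal/login.cgi HTTP/1.1" 302 0
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def normalize_uri(uri: str) -> str:
    """Drop the query string and percent-decode repeatedly (catches double encoding)."""
    path = uri.split("?", 1)[0]
    for _ in range(3):  # bounded so pathological input cannot loop forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_traversal(uri: str) -> bool:
    """True if any path segment is '..' after decoding."""
    return any(seg == ".." for seg in normalize_uri(uri).split("/"))

def scan_log(text: str) -> list[dict]:
    """Return one finding per request that carries a traversal sequence."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src, ts, method, uri, status, size = m.groups()
        if is_traversal(uri):
            findings.append({"src": src, "time": ts, "method": method, "uri": uri,
                             "status": int(status),
                             # a 2xx with a non-empty body suggests the file was served
                             "likely_success": status.startswith("2") and size not in ("0", "-")})
    return findings

def summarize(findings: list[dict]) -> Counter:
    """Count traversal attempts per source address for triage."""
    return Counter(f["src"] for f in findings)

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f"{f['src']} {f['status']} success={f['likely_success']} {f['uri']}")
    print(summarize(hits))
```

A hit with `likely_success` set should be treated as a possible credential exposure and followed by rotating the accounts that authenticate through the appliance, not just by patching.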