Iranian hackers target VPNs worldwide to plant ‘persistent’ backdoors

by Emma Woollacott
21 February 2020
in News
Iranian hackers have been exploiting bugs in major enterprise VPNs to target US and Israeli infrastructure organisations.

According to cybersecurity firm ClearSky, the attackers have over the last two years been able to establish a persistent presence in the networks of ‘numerous’ companies and organizations in IT, telecoms, oil and gas, aviation, government and security.

The campaign, which appears to have been carried out as a joint effort between the known hacking groups APT34 and APT33, has been dubbed Fox Kitten.

“Aside from malware, the campaign enfolds an entire infrastructure dedicated to ensuring the long-lasting capability to control and fully access the targets chosen by the Iranians,” the researchers write. 

“The revealed campaign was used as a reconnaissance infrastructure. However, it can also be used as a platform for spreading and activating destructive malware such as ZeroCleare and Dustman, tied to APT34.”

Hackers target bugs as they’re disclosed

Much of the hackers’ opportunity came through the disclosure of major security flaws in a number of enterprise VPN servers, including those from Pulse Secure, Palo Alto Networks, Fortinet and Citrix. 

In some cases, bugs were exploited within hours of being disclosed.

“Several VPN products have had vulnerabilities disclosed in recent months, and so it’s not surprising that state-backed groups are looking to leverage their window of opportunity, knowing all too well that patching vulnerable systems can take organisations a long time,” says Javvad Malik, security awareness advocate at security training firm KnowBe4. 

“There is a certain irony to this, as organisations deploy VPNs for security, but could be breached because of those very security products.”

In most cases, the attackers were able to maintain a foothold by installing several additional points of access into the core corporate network, so that closing any one of them had no effect.

Supply chain attacks are a particular feature of the campaign, with the hackers targeting IT service companies in order to gain access to their partners.

Iran-US tensions continue

The discovery reveals the continuing cyberwar between Iran and the US, highlighted last month when the US Department of Homeland Security urged organizations to be on heightened alert for denial-of-service and other attacks after Iranian general Qassem Soleimani was killed in a US airstrike.

“The hackers are attempting to backdoor into significant Western corporations in order to begin a long-term cyber insurgency. These campaigns aim to cause havoc within those individual corporations’ networks but also use those networks as footholds to island hop into other companies and government agencies,” says Tom Kellermann, head cybersecurity strategist at security firm VMware Carbon Black.

“It’s possible [that US efforts will deter Iran] but seems unlikely. If anything, they are more likely to use proxies now as they embark upon a protracted campaign of attrition.”

The hackers’ technique of exploiting vulnerabilities as they’re reported raises the question of whether the industry should continue making disclosures before a patch is available. 

“This is a long-debated question. Disclosure is important, and without it many fail to act altogether. But it does introduce risk,” says Yossi Naar, chief visionary officer and cofounder of security firm Cybereason.

“The bigger concern is that if you don’t disclose it someone will still find and abuse it. Care should be taken to allow for the best handling on a case by case basis – but on the whole it’s better to know.”

© 2021 CyberNews