Overseas APT Organization Exploits Vulnerabilities to Breach Sangfor SSL VPNs and Deliver Malicious Code Threat Alert
April 20, 2020
On April 6, Sangfor released an advisory, announcing that an overseas APT organization illegally took control of some of their SSL VPN devices and sent malicious files to clients by exploiting a client upgrade vulnerability. NSFOCUS has kept a close eye on this issue and conducted overall analysis. We advise related users to take precautions as soon as possible.
The vulnerability exists due to the defect of the upgrade module signature authentication mechanism of the Windows client of SSL VPN devices. The prerequisite for exploitation is that attackers must take control of SSL VPN privileges. According to Sangfor’s analysis, this vulnerability is difficult to exploit. Therefore, Sangfor estimates that there are only a limited number of affected VPN devices. According to the NSFOCUS security team, not many VPN devices have been compromised by the APT organization, but the affected versions are widely used in enterprises in China.
September 1, 2017
Overview On August 17, 2017, the National Bank of Ukraine (NBU) warned financial institutions in the country about a potential cyberattack. The virus would exploit the CVE-2015-2545 vulnerability to cause remote code execution by sending emails with the code disguised as a Microsoft Word document. Subsequently, a cybersecurity institution found traces of such an attack […]
December 4, 2015
Author: Dave Martin, Director of Product Marketing, NSFOCUS
What would happen if you combined Moore’s law with Darwin’s Theory of Evolution and applied them to DDoS attacks? Unfortunately, modern DDoS attacks seem to embody this idea perfectly as both the frequency and complexity of these attacks have become truly staggering in just a short amount of time.