The alarming report highlights how hackers repeatedly took advantage of several known flaws and one newly discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of organizations in the defense industrial sector.
has attributed to Chinese state-sponsored hackers.
public advisory Tuesday, urging network administrators to run a special tool designed to scan for signs of compromise and to install an emergency workaround published by Ivanti, the owner of Pulse Secure.
The attackers who exploited Pulse Secure are extremely sophisticated and used their access to steal account credentials and other sensitive data belonging to victim organizations, said Charles Carmakal, FireEye’s senior vice president.
“These actors are highly skilled and have deep technical knowledge of the Pulse Secure product,” Carmakal said.
Some of the intrusions using the vulnerabilities began as early as August of last year, according to FireEye’s report. The group conducting those attacks may be working for the Chinese government, the report said, and Carmakal added that “there are some similarities between portions of this activity and a Chinese actor we call APT5.”
Other actors have exploited the vulnerabilities as well, though FireEye said it’s unclear whether they may be linked to a particular government.