Warning that China may be involved in the attack on VPN product 'Pulse Connect Secure'



The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has warned that multiple hacker groups are exploiting vulnerabilities in Pulse Connect Secure, Pulse Secure's business VPN product, to attack US government agencies and critical infrastructure entities. Security companies have announced that the Chinese government is suspected of being involved in at least one of the hacker groups.

Exploitation of Pulse Connect Secure Vulnerabilities | CISA
https://us-cert.cisa.gov/ncas/alerts/aa21-110a

Pulse Connect Secure Security Update - Pulse Secure Blog
https://blog.pulsesecure.net/pulse-connect-secure-security-update/

Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day | FireEye Inc
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

China-linked hackers used VPN flaw to target US defense industry -researchers | Reuters
https://www.reuters.com/technology/china-linked-hackers-used-pulse-secure-flaw-target-us-defense-industry-2021-04-20/

CISA has issued a new warning about Pulse Connect Secure vulnerabilities. The warning was issued after it was confirmed that hacker groups had launched attacks exploiting 'CVE-2019-11510', 'CVE-2020-8260' and 'CVE-2020-8243', discovered in 2019-20, as well as the newly discovered 'CVE-2021-22893', which allows authentication to be bypassed and arbitrary code to be executed remotely. The newly discovered CVE-2021-22893 is rated '10', the most severe score, in the Common Vulnerability Scoring System (CVSS). In addition, CVE-2019-11510, discovered in 2019, was a vulnerability named in a joint announcement by CISA, the US National Security Agency (NSA), and the Federal Bureau of Investigation (FBI).

Five vulnerabilities have been exploited in attacks on the United States and allies by the Russian Foreign Intelligence Service - GIGAZINE



Of this set of vulnerabilities, patches have already been released for the known CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243, but the patch for the newly discovered CVE-2021-22893 will be released in early May 2021. CISA and security company FireEye are cooperating on this patch.

Meanwhile, FireEye, which is cooperating in the creation of the patch, has officially announced that 'the involvement of the Chinese government is suspected.' It has been confirmed that multiple hacker groups have carried out attacks using this series of vulnerabilities. One of them has strong similarities to the hacker group 'APT5', which has long been suspected of involvement with the Chinese government, and limited evidence was found that it was attacking on behalf of the Chinese government.

A spokesman for the Chinese embassy in the United States said, 'China is firmly opposed to and cracking down on all forms of cyberattacks,' accusing FireEye of being 'irresponsible and malicious.'

If this vulnerability is exploited, a web shell will be placed on the appliance and the system may be permanently compromised. As a countermeasure, CISA is asking organizations nationwide to run the integrity check tool 'Pulse Secure Connect Integrity Tool', distributed by Pulse Secure, and to apply updates.

Pulse Secure said, 'We found that a limited number of customers were hacked by Pulse Connect Secure,' and used the phrase 'only a limited number of companies were affected.'

in Web Service, Security, Posted by darkhorse_log