Newly discovered Wi-Fi vulnerabilities called FragAttacks put all mobile devices at risk

American cybersecurity firm Mandiant recently faced a series of security incidents related to the breach of Pulse Secure VPN appliances. The attackers used authentication bypass techniques to circumvent the VPN's security controls. The attacker groups appear to have established persistent access via web shells, letting them monitor systems despite the VPN functionality.

These web shells have persisted across multiple upgrades. So far, Pulse Secure has determined that the initial infection relied on a number of earlier vulnerabilities together with one discovered only in April 2021 (CVE-2021-22893). Since the beginning of these attacks, Pulse Secure's parent company, Ivanti, has provided fixes for a vulnerability exploited with this malware. In addition, the company will release the Pulse Connect Secure Integrity Tool so customers can assess whether their systems are affected.

Currently, Pulse Secure and Mandiant are working diligently to address this issue for customers, government partners, and other forensics professionals. So far, the investigation has found no evidence that these detected backdoors were introduced through any type of compromise in software delivery or supply chain processes.

Ongoing code analysis is evaluating the 12 seemingly unique malware families associated with these attacks. On the government side, Mandiant has partnered with Ivanti and Pulse Secure to monitor government networks for backdoor activity.