Newly discovered Wi-Fi vulnerabilities called FragAttacks put all mobile devices at risk
American cybersecurity firm Mandiant recently faced a series of
security incidents related to the breach of Pulse Secure VPN
appliances. The attackers used authentication bypass techniques
to circumvent VPN security controls. The attacker groups appear
to have used web shells to maintain persistent access and monitor
systems despite VPN functionality.
These web shells have persisted across multiple upgrades. So far,
Pulse Secure has determined that this attack uses a number of
previous vulnerabilities and a vulnerability discovered only in
April 2021 (CVE-2021-22893) to perform the initial infection.
Since the beginning of these attacks, Pulse Secure's parent
company, Ivanti, has provided fixes for a vulnerability exploited
in connection with this malware. In addition, the company will
release the Pulse Connect Secure Integrity Tool so customers can
assess whether their systems are affected.
Currently, Pulse Secure and Mandiant are working diligently to
address this issue for customers, government partners, and other
forensics professionals. So far, the investigation has found no
evidence that these detected backdoors were introduced through any
type of compromise in software delivery or supply chain processes.
Ongoing code analysis is evaluating the 12 seemingly unique
malware families associated with these attacks.
On the government side, Mandiant has partnered with Ivanti and
Pulse Secure to monitor government networks for backdoor activity.