Chinese APT Group Targeting Fortinet And Pulse Servers

A group of Chinese state-sponsored hackers known as APT5 is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month.

 


EXPERTS COMMENTS
Sam Curry, Chief Security Officer,  Cybereason
September 06, 2019
Now all eyes are on the vendors to see how they handle their customers, their services and their responsibilities.
We want to be very careful not to denigrate possibly innocent security companies. This is reminiscent of other hacks against RSA and Diginotar, where the fabric of trust is attached. However, life goes on; and we just learn and adapt collectively. The message to us all should be that security requires depth in planning and architecture: segmentation, assumption of compromise, good comms practices ....
[Read More >>]
Prash Somaiya, Technical Program Manager,  HackerOne
September 06, 2019
Everyone, on both sides of the coin, has a responsibility for security: companies need to alert and advice their customers.
Hackers, both white hat and black hat, collect huge amounts of data on their targets. They have a passive understanding of the types of services and systems that their targets are running. When a vulnerability is made public (as with Pulse and Fortinet), researchers are able to search through their data and find targets with the vulnerable software running. This enables them to exploit these syste ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :




In this article