Researchers at FireEye have disclosed attacks against defense, government, and financial organizations leveraging vulnerabilities in the Pulse Secure VPN software. Pulse Secure’s virtual private network and Secure Connect solutions are used by organizations worldwide to ensure secure access to business systems. FireEye reportedly discovered four new malware families designed specifically to target Pulse Secure VPN appliances, according to an April 20 report. FireEye found one major vulnerability in the software, CVE-2021-22893, giving it a CVSS severity score of 10. The bug is described as an authentication bypass that impacts Pulse Connect Secure.
According to FireEye, the flaw could be used to allow unauthenticated attackers to perform remote arbitrary code execution. Other disclosed vulnerabilities can be used to establish persistence on a vulnerable appliance or further compromise devices. Cybersecurity firm Mandiant has raised suspicions that Chinese threat actors are exploiting the vulnerabilities. Intrusions utilizing the flaws have been detected at entities ranging across the defense, government, technology, transport, and finance sectors in the US and Europe.
Read More: Researchers find four new malware tools created to exploit Pulse Secure VPN appliances