A North Korean hacker group, allegedly state-backed and with a string of significant security incidents to its name, is behind last month's attack on the South Korean state atomic research institute (Korea Atomic Energy Research Institute, KAERI).
Hackers from the Kimsuky APT group exploited a VPN vulnerability to gain access to KAERI's internal network.
The Institute, which has now acknowledged the incident, is responsible for nuclear research in South Korea; if the country's key nuclear-related technologies leaked to North Korea, it could be the country's biggest security breach to date.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), Kimsuky is tasked by North Korean intelligence (the Reconnaissance General Bureau) with a global intelligence-gathering mission focused on, among other things, nuclear policy, foreign policy and national security issues.
This is not the first time a North Korean hacker group has attacked a South Korean target: in 2019 there were phishing attempts impersonating law enforcement, and in 2014, for example, a hydroelectric and nuclear power plant operator was attacked. In addition, Daewoo Shipbuilding & Marine Engineering, a warship and submarine supplier to the South Korean military, has been under constant attack since last year.
It is not yet known which vendor's vulnerability the attackers exploited, but according to the DLP blog there has been worrying news about quite a few VPN vulnerabilities recently:
- Pulse Secure – CVE-2019-11510, Pulse Connect Secure (PCS): pre-auth arbitrary file read
- Pulse Secure – CVE-2019-11539, Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): post-auth command injection
- Fortinet – CVE-2018-13379, FortiOS: pre-auth arbitrary file read
- Fortinet – CVE-2018-13382, FortiOS: unauthenticated SSL VPN user password modification
- Fortinet – CVE-2018-13383, FortiOS: SSL VPN buffer overrun when parsing JavaScript href content
- Citrix NetScaler – CVE-2019-19781: directory path traversal leading to RCE
- Palo Alto Networks – CVE-2020-2050, PAN-OS: authentication bypass in GlobalProtect client certificate verification
- Palo Alto Networks – CVE-2020-2005, PAN-OS: GlobalProtect clientless VPN session hijacking
- Palo Alto Networks – CVE-2019-1579, PAN-OS: remote code execution in the GlobalProtect portal / gateway interface
- SonicWall – CVE-2020-5135, SonicOS: buffer overflow vulnerability
- SonicWall – CVE-2019-7481, SonicOS: blind SQL injection vulnerability exploitable remotely
- SonicWall – CVE-2019-7482, SonicOS: execution of arbitrary commands with "nobody" privileges on the device
- SonicWall – CVE-2019-7483, SonicOS: pre-authentication vulnerability
- Cisco Systems – CVE-2020-3220, Cisco IOS XE: IPsec VPN denial of service vulnerability
- Moxa – CVE-2020-14511: stack-based buffer overflow in the EDR-G902 and EDR-G903 series secure routers / VPN servers
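Several entries in the list above (the Pulse Secure and Fortinet pre-auth arbitrary file reads and the Citrix directory traversal) belong to the same bug class: a web handler on the appliance joins an attacker-controlled URL path onto a directory on disk without checking that the result still lies inside that directory, so `..` segments walk out to files such as session stores or system configuration. The Python below is an added illustration of that class written for this page; it is not code from any of the products listed, and the web root, file names, contents and request paths are all constructed so that it runs offline. It shows the naive handler beside a hardened one that decodes once, anchors the path, and verifies the resolved location before reading anything.

```python
import posixpath
from urllib.parse import unquote

# Constructed stand-in for an appliance's filesystem. None of these paths
# or contents come from a real VPN product; they only make the example runnable.
WEB_ROOT = "/var/www/portal"
FAKE_FS = {
    "/var/www/portal/index.html": "<html>portal</html>",
    "/var/www/portal/css/site.css": "body { margin: 0 }",
    "/var/www/sessions/sess_ab12": "user=admin;token=deadbeef",  # outside the web root
    "/etc/passwd": "root:x:0:0:root:/root:/bin/sh",              # outside the web root
}


def read_file(path):
    """Stand-in for open(path).read() on the constructed filesystem."""
    return FAKE_FS.get(path)


def serve_vulnerable(request_path):
    """Naive static-file handler: decodes the URL path and joins it under
    WEB_ROOT. Nothing stops '..' segments from walking out of the root, so
    '/../../../etc/passwd' resolves to /etc/passwd (CWE-22)."""
    rel = unquote(request_path).lstrip("/")
    target = posixpath.normpath(posixpath.join(WEB_ROOT, rel))
    return read_file(target)


def resolve_inside_root(request_path, root=WEB_ROOT):
    """Map a request path to an absolute path guaranteed to lie under `root`,
    or return None if the request tries to escape it.

    Decode exactly once, anchor the path at '/' so that '..' at the top level
    is dropped rather than applied to the root, then confirm the result still
    has `root` as a prefix. The second check is defence in depth: it would
    also catch a future edit that removed the anchoring step."""
    rel = unquote(request_path).lstrip("/")
    anchored = posixpath.normpath("/" + rel)          # '/../../x' -> '/x'
    target = posixpath.join(root, anchored.lstrip("/"))
    if posixpath.commonpath([root, target]) != root:
        return None
    return target


def serve_hardened(request_path):
    """The same handler with the traversal check in front of the file read."""
    target = resolve_inside_root(request_path)
    if target is None:
        return None
    return read_file(target)


# Constructed requests: two legitimate, the rest traversal attempts in plain
# and URL-encoded form.
REQUESTS = [
    "/index.html",
    "/css/../index.html",
    "/../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/../sessions/sess_ab12",
]


def compare_handlers(requests=REQUESTS):
    """Return {request: (vulnerable_result, hardened_result)} for each request."""
    return {r: (serve_vulnerable(r), serve_hardened(r)) for r in requests}


if __name__ == "__main__":
    for req, (vuln, hard) in compare_handlers().items():
        print(f"{req:36} vulnerable={vuln!r:42} hardened={hard!r}")
```

Two points worth noting when applying this to a real appliance review: the hardened version decodes the path exactly once, so a double-encoded `%252e%252e` stays a literal file name here but becomes a traversal again if a later layer (a reverse proxy, a CGI wrapper) decodes it a second time; and the prefix check must run on the fully normalised path, since checking the raw request string for the substring `..` is trivially bypassed by encoding.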
Although the vendors released fixes for these as quickly as they could, there is unfortunately a significant backlog in applying them: the patches are by no means always installed by the organizations concerned.

