Chinese APT groups still attempting to access Pulse Secure VPNs

As previously discussed, groups acting in the best interests of the Chinese government created a toolkit to breach Pulse Secure VPNs used by governments of all sizes in the Western world. New research indicates that the groups are still actively trying to exploit the bugs covered in CVE-2021-22893. The bad actors are using four new kits, named Bloodmine, Bloodbank, CleanPulse, and RapidPulse. This brings the number of toolkits designed to take advantage of the bug to 16. Mandiant's most recent report names the 3 groups as UNC2630 and UNC2717.

https://www.darkreading.com/attacks-breaches/chinese-apt-groups-continue-to-pound-away-on-pulse-secure-vpns/d/d-id/1341174?&web_view=true

https://www.fireeye.com/blog/threat-research/2021/05/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices.html?&web_view=true

https://www.cyberscoop.com/pulse-secure-vpn-hacking-also-hit-transportation-telecom-firms-fireeye-says/?web_view=true

 

 

For more information, or to comment on this topic, visit Yet Another Security Blog.