Pulse Connect Secure Hack
Pulse Secure, a common remote access tool used in government and industry, has been compromised by a group of Chinese actors. Cybersecurity firm Mandiant made the announcement the week of the 20th. Since then CISA and other government groups have posted bulletins warning government and critical infrastructure operators to scan their networks using the Pulse Connect Secure integrity Tool (https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755) and if evidence of a breach is found to engage in mitigation efforts immediately. It appears that this had has allowed the Chinese government to have direct access to critical systems for months, but this does not seem as widespread as other attacks that have recently made the news. It was also announced in another bulletin that Russian actors (namely SVR/Cozy Bear have used a suite of 5 vulnerabilities in common software used by government and industry that include Pulse Secure.
It should be noted that Pulse Secure claims that they have fixed the issue and that everyone should upgrade to the newest version (currently Connect Secure 9.1R11.4).
https://www.nbcnews.com/tech/security/china-another-hack-us-cybersecurity-issues-mount-rcna744
https://threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/
https://securityaffairs.co/wordpress/116891/cyber-warfare-2/russia-svr-actively-targets-5-flaws.html
https://cyware.com/news/russia-linked-svr-apt-group-exploiting-five-known-vulnerabilities-9b0a77a3
Government Bulletins:
https://cyber.dhs.gov/ed/21-03/
https://us-cert.cisa.gov/ncas/alerts/aa21-110a
For more information, or to comment on this topic, visit Yet Another Security Blog.