Friday April 3, 2020

Iranian Hackers Breach VPN Servers to Gain Network Access of Several Firms Globally

Iranian hackers breach VPN servers of several firms globally


Cybersecurity researchers have spotted a widespread hacking campaign by Iranian groups that compromised VPN (virtual private network) servers, planted bugs or ‘backdoors’ and succeeded in gaining access to the networks of numerous companies and organisations around the world.

During the last quarter of 2019, the research team from the UK-based ClearSky uncovered a widespread Iranian offensive campaign which it called the “Fox Kitten Campaign”. “This campaign is being conducted in the last three years against dozens of companies and organisations in Israel and around the world,” the company said in a statement on Sunday.

“Through the campaign, the attackers succeeded in gaining access and persistent foothold in the networks of numerous companies and organisations from the IT, telecommunication, oil and gas, aviation, government and security sectors around the world,” it added.

Aside from malware, the campaign involves an entire infrastructure dedicated to ensuring a long-lasting capability to control and fully access the targets chosen by the Iranians. The campaign infrastructure was used to develop and maintain access routes to the targeted organisations and to steal valuable information from them.


“Hackers maintained a long-lasting foothold at the targeted organisations and breached additional companies through supply-chain attacks.”

The campaign was conducted using a variety of offensive tools, most of them based on open-source code and some self-developed. The Iranian APT groups have succeeded in penetrating and stealing information from dozens of companies around the world in the past three years.

The most successful and significant attack vector used by the Iranian advanced persistent threat (APT) groups in the last three years has been the exploitation of known vulnerabilities in systems with unpatched VPN and RDP services, in order to infiltrate and take control of critical corporate information stores.

After breaching the organisations, the attackers usually maintain a foothold and operational redundancy by installing and creating several more access points to the core corporate network. As a result, identifying and closing one access point does not necessarily deny the capability to carry on operations inside the network.


“Iranian APT groups have developed good technical offensive capabilities and are able to exploit one-day vulnerabilities in relatively short periods of time,” said the researchers. ClearSky observed Iranian groups exploiting VPN flaws within hours after the bugs had been publicly disclosed.

According to a ZDNet report, Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies. (IANS)

Video Meeting App Zoom Prone to Hacking: Report

Zoom bug can let hackers steal your Windows password


Slammed for its lack of user privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let hackers steal users’ Windows passwords.

The ‘Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems, reports The Hacker News.

The latest finding by cybersecurity expert @_g0dmode has also been “confirmed by researcher Matthew Hickey and Mohamed A. Baset,” the report said late Wednesday.


The attack involves the “SMBRelay technique” wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it.

“The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat,” the report claimed. Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.
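The root cause described above is that the client turns UNC paths into clickable links. As an added example (not Zoom's code and not taken from the report), a chat renderer can linkify only http(s) URLs and leave everything else, UNC paths included, as escaped plain text, while flagging UNC paths for logging; the function names and the sample message are constructed for illustration.

```python
import html
import re

# Only http(s) URLs are ever turned into links (allowlist).
WEB_RE = re.compile(r'(?<!\S)https?://[^\s<>"]+', re.IGNORECASE)
# UNC paths: \\host\share\... or //host/share/... at the start of a token.
UNC_RE = re.compile(r'(?<!\S)(?:\\\\|//)[^\\/\s]+[\\/]\S*')

# Constructed sample chat message (hostnames are placeholders).
SAMPLE = r"Agenda: \\files.example.test\share\agenda.docx and https://example.test/join?id=1&x=2"


def find_unc_paths(message: str) -> list:
    """Return UNC-style paths in a chat message so they can be flagged or logged."""
    return UNC_RE.findall(message)


def render_message(message: str) -> str:
    """Render chat text as HTML, linkifying http(s) URLs only.

    Anything that is not an http(s) URL, including UNC paths, is emitted
    as escaped text, so clicking it cannot trigger an SMB connection.
    """
    out, pos = [], 0
    for m in WEB_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0))  # escapes &, <, >, and quotes
        out.append(f'<a href="{url}" rel="noopener noreferrer">{url}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    print(find_unc_paths(SAMPLE))
    print(render_message(SAMPLE))
```
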


Zoom has been notified of this bug but the flaw is yet to be fixed. “Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app,” said the report. Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users.


As businesses, schools and colleges and millions of SMBs use the video conferencing tool Zoom during the work-from-home scenario, the US Federal Bureau of Investigation (FBI) has warned people about pornographic material popping up during video meetings.


The Boston branch of the law enforcement agency said it has received multiple reports of Zoom conferences being disrupted by pornographic and/or hate images and threatening language.

The video conferencing app late last month updated its iOS app to remove the software development kit (SDK) that was providing users’ data to Facebook through the Login with Facebook feature. (IANS)