News released today claims that Iranian hackers compromised popular VPN servers such as Pulse Secure, Fortinet and Palo Alto Networks to plant backdoors in companies and government agencies around the world.
Last year, many corporate VPN servers such as Pulse Secure, Palo Alto Networks, Fortinet and Citrix faced major security issues. A new report released by the Israel-based cyber security firm ClearSky reveals that Iran’s state-sponsored hacker army exploited security flaws in VPN services last year to infiltrate companies around the world and plant backdoors.
According to the report, Iranian hackers last year targeted companies operating in the fields of information technology, telecommunications, oil, natural gas, aviation and security. The report shows that Iranian hackers are as dangerous as Russian, Chinese or North Korean hackers.
ClearSky says state-backed Iranian hackers have improved their attack capabilities and were able to exploit vulnerabilities in a very short time. According to the Israeli company's report, Iranian hackers launched many cyber attacks in 2019 using vulnerabilities detected in Pulse Secure “Connect” VPN (CVE-2019-11510), Fortinet FortiOS VPN (CVE-2018-13379) and Palo Alto Networks “Global Protect” services.
According to ClearSky’s report, the purpose of these attacks is to infiltrate corporate networks and create backdoors in the systems for future attacks. Iranian hackers have infiltrated Windows systems through ‘Sticky Keys’, an accessibility feature designed for people who have trouble pressing two or more keys at the same time. In addition to hacking tools like JuicyPotato and Invoke-TheHash, the hackers have also used legitimate sysadmin software such as PuTTY, Plink, Ngrok, Serveo or FRP.
ClearSky’s report highlights that there are at least three Iranian hacker groups behind attacks on VPN servers around the world. The report states that Iranian hackers cooperated to a degree not seen in the past, and that the attacks were carried out with great coordination. Last week, security researchers announced that they had discovered six different vulnerabilities in SonicWall SRA and SMA VPN servers. According to the report, the next target of Iranian hackers will most likely be these services.