Chinese APT Group Targeting Fortinet And Pulse Servers

By ISBuzz Team, Writer, Information Security Buzz | Sep 06, 2019 04:28 am PST

A group of Chinese state-sponsored hackers known as APT5 is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month.


Sam Curry, Chief Security Officer
September 6, 2019 12:41 pm

We want to be very careful not to denigrate possibly innocent security companies. This is reminiscent of other hacks against RSA and Diginotar, where the fabric of trust is attacked. However, life goes on, and we just learn and adapt collectively. The message to us all should be that security requires depth in planning and architecture: segmentation, assumption of compromise, good comms practices even when security is believed to be in place and so on. Further, we should be assuming compromise of controls and prevention failures and therefore hone our cyber capabilities: detection, hunting, behavioral monitoring and so on. Now all eyes are on the vendors to see how they handle their customers, their services and their responsibilities.

Prash Somaiya, Technical Program Manager
September 6, 2019 12:35 pm

Hackers, both white hat and black hat, collect huge amounts of data on their targets. They have a passive understanding of the types of services and systems that their targets are running. When a vulnerability is made public (as with Pulse and Fortinet), researchers are able to search through their data and find targets with the vulnerable software running. This enables them to exploit these systems incredibly quickly.

However, a number of Pulse and Fortinet customers still haven’t installed patches that were released in April and May, respectively. In Fortinet’s case, they both failed to notify their customers of the flaw and make the subsequent patch accessible.

Pulse, on the other hand, took the right action: they sent a security advisory to their customers and requested a CVE. Therefore, it seems the unpatched flaws in their servers lie with the negligence of their customers. Everyone, on both sides of the coin, has a responsibility for security: companies need to alert and advise their customers and, in turn, the customers need to heed this advice.
