Chinese APT Group Targeting Fortinet And Pulse Servers

A group of Chinese state-sponsored hackers known as APT5 is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month.

 

Experts Comments

September 06, 2019
Sam Curry
Chief Security Officer
Cybereason
We want to be very careful not to denigrate possibly innocent security companies. This is reminiscent of other hacks against RSA and Diginotar, where the fabric of trust is attached. However, life goes on; and we just learn and adapt collectively. The message to us all should be that security requires depth in planning and architecture: segmentation, assumption of compromise, good comms practices even when security is believed to be in place and so on. Further, we should be assuming compromise of controls and prevention failures and therefore hone our cyber capabilities: detection, hunting, behavioral monitoring and so on. Now all eyes are on the vendors to see how they handle their customers, their services and their responsibilities.
September 06, 2019
Prash Somaiya
Technical Program Manager
HackerOne
Hackers, both white hat and black hat, collect huge amounts of data on their targets. They have a passive understanding of the types of services and systems that their targets are running. When a vulnerability is made public (as with Pulse and Fortinet), researchers are able to search through their data and find targets with the vulnerable software running. This enables them to exploit these systems incredibly quickly. However, a number of Pulse and Fortinet customers still haven’t installed patches that were released in April and May, respectively. In Fortinet’s case, they both failed to notify their customers of the flaw and make the subsequent patch accessible. Pulse on the other hand, took the right action: they sent a security advisory to their customers and requested a CVE. Therefore, it seems the unpatched flaws in their servers lays with the negligence of their customers. Everyone, on both sides of the coin, has a responsibility for security: companies need to alert and advise their customers and, in turn, the customers need to heed this advice.
