Expert Insight On Iranian Hackers Are Hacking VPN Servers To Plant Backdoors In Companies Across The World

During the last quarter of 2019, the ClearSky research team has uncovered a widespread Iranian offensive campaign called “Fox Kitten Campaign”; this campaign is being conducted in the last three years against dozens of companies and organizations in Israel and around the world.

Though the campaign, the attackers succeeded in gaining access and persistent foothold in the networks of numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world.

Experts Comments

February 19, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Several VPN products have had vulnerabilities disclosed in recent months and so it's not surprising that state-backed groups are looking to leverage their windo of opportunity, knowing all too well that patching vulnerable systems can take organisations a long time. There is a certain irony to this as organisations deploy VPNs for security, could be breached because of those very security products. It's important for organisations to remember that security products themselves are software. .....Read More
Several VPN products have had vulnerabilities disclosed in recent months and so it's not surprising that state-backed groups are looking to leverage their windo of opportunity, knowing all too well that patching vulnerable systems can take organisations a long time. There is a certain irony to this as organisations deploy VPNs for security, could be breached because of those very security products. It's important for organisations to remember that security products themselves are software. And like all other forms of software, they can, and do have flaws and vulnerabilities. Because many security products run at higher privileges, any compromise could give a criminal the keys to the kingdom. Therefore it would be prudent for organisations to identify security software in their asset inventories, and ensure they are patched as a matter of urgency.  Read Less
February 18, 2020
Marc Gaffan
CEO
Hysolate
Sophisticated hackers and especially nation states are going to be the first to use newly disclosed vulnerabilities across operating systems, networking and other areas of corporate and critical infrastructure. That is why Microsoft and other security leaders and urging enterprises to separate their critical and most sensitive infrastructure components from their regular day-to-day infrastructure components, which includes both Privileged Access Workstations and Network Segmentation that will.....Read More
Sophisticated hackers and especially nation states are going to be the first to use newly disclosed vulnerabilities across operating systems, networking and other areas of corporate and critical infrastructure. That is why Microsoft and other security leaders and urging enterprises to separate their critical and most sensitive infrastructure components from their regular day-to-day infrastructure components, which includes both Privileged Access Workstations and Network Segmentation that will ensure that if one part of your infrastructure is compromised, the most critical areas remain intact.  Read Less
February 18, 2020
Bob Noel
VP of Strategic Partnerships
Plixer
Although the recent uptick in global tensions has elevated the perception of risk for many organizations, many have not implemented proper solutions to monitor and visualize their network traffic. At this point, everyone should constantly operate under the assumption that they are already compromised. There is a never-ending stream of new vulnerabilities and every organization, every day, has vulnerable devices connected to the business. Network traffic analysis (NTA) is a must-have technology.....Read More
Although the recent uptick in global tensions has elevated the perception of risk for many organizations, many have not implemented proper solutions to monitor and visualize their network traffic. At this point, everyone should constantly operate under the assumption that they are already compromised. There is a never-ending stream of new vulnerabilities and every organization, every day, has vulnerable devices connected to the business. Network traffic analysis (NTA) is a must-have technology at this point, scrutinizing every conversation and running algorithms to uncover bad actors who have gained a foothold and operating under stealth. Once a hacker gains a foothold, they will look to escalate their privileges through lateral movement. Traditional security tools that sit at the perimeter, cannot see this lateral movement. NTA, on the other hand, is deployed within the network and is purpose-built to monitor all traffic (including east/west traffic) to identify, notify, and remediate the risk.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts