Expert Response On DarkHotel Hackers Use VPN Zero-day To Breach Chinese Government Agencies

Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, which are used to provide remote access to enterprise and government networks. Qihoo said it discovered more than 200 VPN servers that have been hacked in this campaign.

Experts Comments

April 06, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
In recent months, there have been a number of flaws reported in VPN providers. It was also revealed that some nation-state actors were actively seeking such vulnerable VPNs in order to gain a foothold into organisations. It's an ironic twist whereby a security tool itself is leveraged by the criminals to gain access into an organisation. Fortunately, patches for these vulnerabilities exist, and with more staff working remotely these days and therefore using the VPN, patching these systems and ensuring the security of corporate data should be of utmost importance. However, that is something some organisations may find challenging both from the perspective of disrupting remote working staff, and to try and install patches when working remotely themselves.