Vulnerabilities exploited in VPN products used worldwide

3 Oct 2019 12:27 PM

APTs are exploiting vulnerabilities in several VPN products used worldwide.

The NCSC is investigating the exploitation, by Advanced Persistent Threat (APT) actors, of known vulnerabilities affecting Virtual Private Network (VPN) products from vendors Pulse secure, Palo Alto and Fortinet.

This activity is ongoing, targeting both UK and international organisations. Affected sectors include government, military, academic, business and healthcare. These vulnerabilities are well documented in open source.

For further information on detecting and mitigating this activity see the downloadable PDF below.

Downloads

APTs exploit multiple VPNs PDF, 207 KB, 5 PAGES

The NCSC is investigating the exploitation, by APT actors, of known vulnerabilities affecting a number of VPN products from vendors Pulse secure, Palo Alto and Fortinet.