Iran: A significant number of security bugs were disclosed last year in enterprise VPN products from major vendors, among them Pulse Secure, Palo Alto Networks, Fortinet, and Citrix. A new report indicates that the Iranian government took notice of those vulnerabilities and set its cyber units to work exploiting them. According to research by ClearSky, the Iranian hackers used the resulting access to target companies within the “IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors.” In some instances, they were seen exploiting the VPN flaws within hours of the bugs' public disclosure, a window far shorter than most enterprise patch cycles. Throughout the campaign, the attackers moved quickly to install backdoors on compromised enterprise systems so they could return to the corporate network later, even after the VPN flaw itself was patched. The operation appears to have been designed in two phases: in phase one, the attackers breach the enterprise network through the VPN vulnerabilities; in phase two, they move laterally within the victim network using a collection of various tools.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is