Threat Landscape Dashboard

Assessing today's threats and the relationships between them

VPN Vulnerabilities Under Attack - Alert AA20-259A

A threat actor targeted the IT, government, healthcare, financial, insurance, and media sectors across the United States with multiple webshells known as ChunkyTuna, Tiny, and China Chopper. The cyber group focused on exploiting known vulnerabilities in Pulse Secure virtual private network, Citrix NetScaler, and F5 to gain an initial foothold into the network. Persistence, remote access, and data exfiltration was carried out using various tools including a modified version of the open-source FRP tool and a PowerShell script which is part of the "KeeThief" open source project.
Name Modified Date Sources
VPN Vulnerabilities Under Attack - Alert AA20-259A 2020-09-16