Zyxel officials wrote that reports about the attacks first came from users in Europe, at which point the company says it became aware of a sophisticated threat actor trying to access a subset of its devices.

When security devices compromise the security

It is still unclear whether the weaknesses under attack are novel or were known.

It continued to explain how the attacks happen, saying that once the hackers successfully gain access to a device through the WAN, they can bypass authentication and create SSL VPN tunnels with unknown user accounts like /zyxel_vpn_test/, /zyxel_ts/, and /zyxel_silvpn/, and then manipulate configurations on the device. The email, which was shared on Twitter, said that the company is aware of the situation and is doing its best to investigate and find a resolution. When the attackers gain access to the device, they can connect to previously unknown accounts hardwired into it.

The email is succinct but appears to confirm that the attacks target devices that are internet-facing/connected. Specifically, they are in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. In an email, the company said that the targeted devices include appliances that have remote management or SSL VPN enabled.

Network device manufacturer Zyxel is warning customers of active and ongoing attacks targeted at a range of the company's firewalls and other types of security devices.