Windows 7 Forums


Windows 7: Iranian hackers have been hacking VPN servers to plant backdoors

21 Feb 2020   #1
Brink

64-bit Windows 10 Pro
 
 
Iranian hackers have been hacking VPN servers to plant backdoors

Quote:
2019 will be remembered as the year when major security bugs were disclosed in a large number of enterprise VPN servers, such as those sold by Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.

A new report published today reveals that Iran's government-backed hacking units made it a top priority last year to exploit VPN bugs as soon as they became public in order to infiltrate and plant backdoors in companies all over the world.

According to a report from cyber-security firm ClearSky, Iranian hackers have targeted companies "from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors."

SOME ATTACKS HAPPENED HOURS AFTER PUBLIC DISCLOSURE

The report comes to dispel the notion that Iranian hackers are not sophisticated, and less talented than their Russian, Chinese, or North Korean counterparts.

ClearSky says that "Iranian APT groups have developed good technical offensive capabilities and are able to exploit 1-day vulnerabilities in relatively short periods of time."

In some instances, ClearSky says it observed Iranian groups exploiting VPN flaws within hours after the bugs had been publicly disclosed.

*APT stands for advanced persistent threat and is a term often used to describe nation-state hacking units

ClearSky says that in 2019, Iranian groups were quick to weaponize vulnerabilities disclosed in the Pulse Secure "Connect" VPN (CVE-2019-11510), the Fortinet FortiOS VPN (CVE-2018-13379), and Palo Alto Networks "Global Protect" VPN (CVE-2019-1579).

Attacks against these systems began last summer, when details about the bugs were made public, but they've also continued in 2020.

Furthermore, as details about other VPN flaws were made public, Iranian groups also included these exploits in their attacks (namely CVE-2019-19781, a vulnerability disclosed in Citrix "ADC" VPNs).


Read more:


21 Feb 2020   #2
F22 Simpilot

Windows 7 Ultimate x64
 
 

Too bad for Iran having so many back doors open that show up at Shodan. If the U.S. Cyber Command wanted they could fry their electric grid.

It's really a game of tit-for-tat. Nothing new, really. Russia does it, China does it and we do it. It's the 21st century and the new ground war is in cyberspace as well, and it's moving to space above.
24 Feb 2020   #3
Diosoth

Windows 7 Home Premium x64
 
 

VPNs have become an unreliable gimmick, it seems. Many of them were found to be keeping detailed records and handing them over to anyone who asked, making the purpose of a VPN useless. Nord's refusal to keep records whatsoever caused them problems in the long run and most are targeted by foreign governments for spying purposes.

25 Feb 2020   #4
F22 Simpilot

Windows 7 Ultimate x64
 
 

You have to do some serious research when choosing a VPN. Most people don't and have NO idea about the technology or how things in your browser called WebRTC, canvas fingerprints, etc., etc. can and WILL rat you out.

I wrote a little bit about how to choose a good VPN on my own forum here: https://cyberpcforum.com/viewtopic.php?p=1491#p1491

With VPNs being all the rage nowadays and being marketed like no other to the ignorant masses, I have to wonder how many spammers came to this thread and tried to post. LOL

Taken from a great movie. "It's a brave new world out there. At least it better be."

Quote: Originally Posted by Diosoth
in the long run and most are targeted by foreign governments for spying purposes.

When I had a blog I wrote a five to six paragraph entry on why you can't trust Tor. Believe me. Not only does the FBI have their mitts in it but so does the NSA. And anyone can be an exit node and sniff the traffic.

If I want to be ultra stealthy I'll fire up my VPN and choose a non-Five Eyes jurisdiction location and run Tor at the same time. So the Tor exit node doesn't see my traffic since the VPN has encrypted it and no Tor server knows where my true location is.
25 Feb 2020   #5
F22 Simpilot

Windows 7 Ultimate x64
 
 

The VPNs talked about here in this thread opening are not consumer VPNs but rather corporate VPNs which would be ripe for attacking.

Better to roll your own technology and know your code and patch anything you find no matter how small.
27 Feb 2020   #6
Jaidee

Windows 7 Home Premium 32 and 64bit
 
 

Quote: Originally Posted by F22 Simpilot
I wrote a little bit about how to choose a good VPN on my own forum here: https://cyberpcforum.com/viewtopic.php?p=1491#p1491
When I tried to go to your link (using Windscribe VPN) I get this -


Error 1005 Ray ID: 56b827af7d2335b2 2020-02-27 06:38:17 UTC
Access denied
What happened?

The owner of this website (cyberpcforum.com) has banned the autonomous system number (ASN) your IP address is in (60068) from accessing this website.
27 Feb 2020   #7
Golden
Microsoft MVP

Windows 10 Pro x64 ; Xubuntu x64
 
 

Instead of going the VPN route, try using DNS over HTTPS instead, which gives you the same benefit depending on the DNS resolver you use. That way you don't have to choose a VPN provider that logs all your data anyway, or a VPN provider that is malicious.

How To Enable DNS Over HTTPS In Your Web Browser | Lifehacker Australia
27 Feb 2020   #8
F22 Simpilot

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Jaidee
When I tried to go to your link (using Windscribe VPN) I get this -


Error 1005 Ray ID: 56b827af7d2335b2 • 2020-02-27 06:38:17 UTC
Access denied
What happened?

The owner of this website (cyberpcforum.com) has banned the autonomous system number (ASN) your IP address is in (60068) from accessing this website.

Because I block many hosters/CDNs, VPNs get caught up in the mix and thus you were blocked. So use a normal IP address instead.

I don't allow Tor either.