“Since 2019, we have seen the consistent use of SSL-VPN vulnerabilities from Citrix, Pulse Secure and Fortinet being leveraged by a variety of attackers, from ransomware affiliates to advanced persistent threat groups and nation-state actors aligned with countries like Russia, Iran and China.
“The public-facing nature of these assets makes them ripe targets for attacks. From a cost perspective, investing in the development or procurement of zero-day vulnerabilities is certainly higher, whereas utilising publicly available exploit code for legacy vulnerabilities costs nothing. In that sense, it is surprising to see a nation-state actor with ties to China leveraging a zero-day, though it is not unexpected.
“Organisations that utilise SSL-VPN software should prioritise patching these devices in a timely manner to limit the exploitation window for opportunistic attackers while also ensuring a robust incident response program is in place to respond to security incidents.” — Satnam Narang, Sr. Staff Research Engineer at Tenable