FBI: Nation-state cyber campaign targeting virtual private networks

Aug 03, 2020 - 11:19 PM

The FBI today alerted the private sector to a sophisticated and aggressive nation-state campaign targeting known critical and common vulnerabilities in virtual private networks, initially reported by the government last year.

The FBI expects this group will likely conduct aggressive operations leveraging the vulnerabilities before they are widely patched, and could provide stolen data and network access to a hostile nation state or other malicious actors who could use ransomware against compromised networks. 

“This FBI report is very serious as it continues to highlight the potential cyber risk exposure of expanded virtual networks that have become ubiquitous in our COVID-19 world,” said John Riggi, AHA senior advisor for cyber and risk. “This report also highlights the need to have an effective and fast patch management program. Our adversaries’ overall strategy is straightforward and clear — use known vulnerabilities and just get in before we patch.”

For more information on this and other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Agencies issue advisories on Conti ransomware, sanctions risks
The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency yesterday issued an advisory to help organizations secure their…
Headline
New AHA podcast highlights cyber threats to hospitals, health systems  
John Riggi, AHA’s senior advisory for cyber security and risk, speaks with Edward You, supervisory special agent in the FBI’s Weapons of Mass Destruction…
Headline
FDA: Certain COVID-19 tests must evaluate how variants affect performance
The Food and Drug Administration today required certain COVID-19 test developers to evaluate how SARS-CoV-2 mutations impact their test’s performance and…
Headline
White House, technology companies announce cybersecurity initiatives
The National Institute of Standards and Technology will work with technology leaders to develop a framework to improve security in the technology supply chain…
Headline
FBI alerts organizations to new ransomware threat
The FBI today released an alert on Hive ransomware, which uses mechanisms such as phishing emails with malicious attachments and Remote Desktop Protocol to…
Headline
FBI alerts organizations to OnePercent Group ransomware attacks, mitigations
The FBI yesterday alerted U.S. organizations to ransomware attacks by a group using phishing emails to access victim networks and download Cobalt Strike threat…