FBI: Nation-state cyber campaign targeting virtual private networks

Aug 03, 2020 - 11:19 PM
Cybersecurity lock in cloud with finger tapping on it.

The FBI today alerted the private sector to a sophisticated and aggressive nation-state campaign targeting known critical and common vulnerabilities in virtual private networks, initially reported by the government last year.

The FBI expects this group will likely conduct aggressive operations leveraging the vulnerabilities before they are widely patched, and could provide stolen data and network access to a hostile nation state or other malicious actors who could use ransomware against compromised networks. 

“This FBI report is very serious as it continues to highlight the potential cyber risk exposure of expanded virtual networks that have become ubiquitous in our COVID-19 world,” said John Riggi, AHA senior advisor for cyber and risk. “This report also highlights the need to have an effective and fast patch management program. Our adversaries’ overall strategy is straightforward and clear — use known vulnerabilities and just get in before we patch.”

For more information on this and other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Microsoft says China-based threat actors behind SharePoint attacks 
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
Agencies warn of activity by Interlock ransomware
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft issues alert on vulnerabilities in ongoing SharePoint attacks 
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
AHA blog: Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
Headline
AHA resource provides strategies, best practices on sepsis care from Ochsner Health
To help hospitals across the country improve sepsis care, the Centers for Disease Control and Prevention created the Hospital Sepsis Program Core Elements,…
AHA Cyber Intel
Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…