The FBI today alerted the private sector to a sophisticated and aggressive nation-state campaign targeting known critical and common vulnerabilities in virtual private networks, initially reported by the government last year.
The FBI expects this group will likely conduct aggressive operations leveraging the vulnerabilities before they are widely patched, and could provide stolen data and network access to a hostile nation state or other malicious actors who could use ransomware against compromised networks.
“This FBI report is very serious as it continues to highlight the potential cyber risk exposure of expanded virtual networks that have become ubiquitous in our COVID-19 world,” said John Riggi, AHA senior advisor for cyber and risk. “This report also highlights the need to have an effective and fast patch management program. Our adversaries’ overall strategy is straightforward and clear — use known vulnerabilities and just get in before we patch.”
For more information on this and other cyber and risk issues, contact Riggi at firstname.lastname@example.org.