FBI: Nation-state cyber campaign targeting virtual private networks

Aug 03, 2020 - 11:19 PM
Cybersecurity lock in cloud with finger tapping on it.

The FBI today alerted the private sector to a sophisticated and aggressive nation-state campaign targeting known critical and common vulnerabilities in virtual private networks, initially reported by the government last year.

The FBI expects this group will likely conduct aggressive operations leveraging the vulnerabilities before they are widely patched, and could provide stolen data and network access to a hostile nation state or other malicious actors who could use ransomware against compromised networks. 

“This FBI report is very serious as it continues to highlight the potential cyber risk exposure of expanded virtual networks that have become ubiquitous in our COVID-19 world,” said John Riggi, AHA senior advisor for cyber and risk. “This report also highlights the need to have an effective and fast patch management program. Our adversaries’ overall strategy is straightforward and clear — use known vulnerabilities and just get in before we patch.”

For more information on this and other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
AHA podcast: How Simulation Is Transforming Patient Safety and Emergency Readiness
Kelley Sava, associate vice president of simulation at Advocate Health, and Brian Bjoern, M.D., patient safety manager at Laerdal Medical, share how simulation…
Headline
CISA warns of vulnerability in F5 BIG-IP products
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
Virtual conference on risk management to be held in November
The AHA’s American Society for Healthcare Risk Management will host the ASHRM25 Virtual Conference Nov. 5-7. This event, designed for health care leaders in…
Headline
AHA blog: 2025 Cybersecurity Year in Review, Part One — Breaches and Defensive Measures
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Protecting Patients and Hospitals from Cyberattacks
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
HSCC launches toolkit to strengthen essential health care services and prevent cyberattacks
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…