Zyxel VPN security flaw targeted by new ransomware attackers
techradar.com
- Researchers spot Helldown exploiting Zyxel VPN to breach networks
- The flaw was previously undisclosed
- The crooks mostly target SMBs in the US and Europe
There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, steal their data, and encrypt their systems.
The group is called Helldown, and has been active since summer 2023, a new report from cybersecurity researchers has revealed Sekoia, noting the group most likely uses a previously undisclosed vulnerability in Zyxel’s firewalls for initial access.
Furthermore, the group seems to be exploiting CVE-2024-42057, a command injection bug in IPSec VPN that, in certain scenarios, grants unauthenticated users the ability to run OS commands.
Dozens of victims
When they breach a target network, they steal as many files as they can, and encrypt the system. For encryption, they seem to be using a piece of ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE