Multiple vulnerabilities were discovered in some of the world's most popular VPN providers, which could allow hackers to steal victim credentials and run other forms of malware on vulnerable machines.
The existence of the vulnerabilities was confirmed in an announcement by the National Cyber Security Centre (NCSC). The announcement claims that vulnerabilities were spotted in solutions built by Pulse Secure, Fortinet and Palo Alto.
The vulnerabilities can be used by hackers to retrieve arbitrary files, including those holding login information and credentials. After retrieving the credentials, hackers can then connect to the VPN and change configuration settings, or even run secondary exploits.
The NCSC says Advanced Persistent Threat (APT) actors are exploiting the vulnerabilities and are allegedly targeting UK and international organisations in the government, military, business and healthcare industries.
It added that hundreds of UK hosts may be vulnerable.
To mitigate these vulnerabilities, owners of vulnerable products should take two steps. The first is to apply the latest security patches. The second is to reset all credentials associated with the affected VPNs, and the accounts that connect through them.
“Any current activity related to these threats should be reported via the NCSC website here where the NCSC can offer help and guidance”, the announcement reads.
“The NCSC is also interested in receiving indicators of compromise and threat intelligence, even if the activity has already been remediated.”