Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

by
Dan Goodin
from Ars Technica - All content on (#5KG85)

Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company's firewalls and other types of security appliances.

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Batten down the hatches

"We're aware of the situation and have been working our best to investigate and resolve it," the email, which was posted to Twitter, said. "The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_silvpn,' 'zyxel_ts,' or 'zyxel_vpn_test,' to manipulate the device's configuration."
