Iran Hackers Put Backdoors in VPN Servers

Marco Green
February 19, 2020

A report from the cybersecurity firm ClearSky reveals that Iranian state-backed hackers have breached many corporate networks via flawed VPN servers and planted backdoors for future exploitation.

According to the report, Iranian hackers targeted companies operating in the fields of information technology, telecommunications, oil, natural gas, aviation and security over the past year.

The campaign, dubbed Fox Kitten, was first noticed in the fourth quarter of 2019, although it represents the continuation of attacks that have been running for the past three years, targeting dozens of companies in Israel and around the world. The report shows that Iranian hackers are as dangerous as Russian, Chinese or North Korean hackers.

The campaign was conducted using a variety of offensive tools, most of them based on open-source code and some self-developed. A new report released by the Israel-based cybersecurity firm ClearSky reveals that Iran's state-sponsored hacker army exploited security flaws in VPN services a year ago to infiltrate companies around the world and plant backdoors.

[Image: Iranian hackers. Caption: The Iranian APT groups have succeeded in penetrating and stealing information from dozens of companies around the world in the past three years. Credit: Pixabay]

"As a result, identifying and closing one access point does not necessarily deny the capability to carry on operations inside the network".

As per the report, the cyberattack campaign also included some infrastructure which was used to develop and maintain access routes to the targeted organizations, steal valuable information from the targeted organizations, maintain a long-lasting foothold at the targeted organizations and breach additional companies through supply-chain attacks.

ClearSky says Iranian hackers supported by the state have improved their attack capabilities and were able to exploit vulnerabilities in a very short time. However, there is also a possibility that it is just one group which "was artificially marked in recent years as two or three separate APT groups".

According to a ZDNet report, Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.
