- Joined
- Jun 13, 2020
- Messages
- 8,048
- Reaction score
- 1,022
- Points
- 212
- Awards
- 2
The list was published on a Russian-language hacker forum, which is often visited by ransomware operators.
The hacker published on an underground Russian-language forum a list of usernames and passwords, as well as IP addresses for more than 900 corporate Pulse Secure VPN servers.
According to the ZDNet edition, which confirmed the authenticity of the data, the list includes the IP addresses of Pulse Secure VPN servers, information about the firmware version of Pulse Secure VPN servers, SSH keys for each server, a list of all local users and their password hashes, administrator account details, cookies - VPN session files, etc.
The list was discovered by an analyst using the pseudonym Bank Security, which specializes in financial crime. According to the expert, all Pulse Secure VPN servers included in the list use a firmware version containing the CVE-2019-11510 vulnerability.
The expert believes that the hacker scanned the Network for vulnerable Pulse Secure VPN servers, exploited the CVE-2019-11510 vulnerability to access systems, and then stole data from the server and collected all the information in one storage.
As noted by the publication, the list was published on a hacker forum, which is often visited by ransomware operators. For example, REvil (Sodinokibi), NetWalker, Lockbit, Avaddon, Makop and Exorcist communicate in this forum and use it to hire developers and find clients.
__________________
The hacker published on an underground Russian-language forum a list of usernames and passwords, as well as IP addresses for more than 900 corporate Pulse Secure VPN servers.
According to the ZDNet edition, which confirmed the authenticity of the data, the list includes the IP addresses of Pulse Secure VPN servers, information about the firmware version of Pulse Secure VPN servers, SSH keys for each server, a list of all local users and their password hashes, administrator account details, cookies - VPN session files, etc.
The list was discovered by an analyst using the pseudonym Bank Security, which specializes in financial crime. According to the expert, all Pulse Secure VPN servers included in the list use a firmware version containing the CVE-2019-11510 vulnerability.
The expert believes that the hacker scanned the Network for vulnerable Pulse Secure VPN servers, exploited the CVE-2019-11510 vulnerability to access systems, and then stole data from the server and collected all the information in one storage.
As noted by the publication, the list was published on a hacker forum, which is often visited by ransomware operators. For example, REvil (Sodinokibi), NetWalker, Lockbit, Avaddon, Makop and Exorcist communicate in this forum and use it to hire developers and find clients.
__________________