Cybercrime

CISA Details Additional Malware Targeting Pulse Secure Appliances

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released five new analysis reports detailing malware discovered on compromised Pulse Secure devices.

Ionut Arghire

August 26, 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released five new analysis reports detailing malware discovered on compromised Pulse Secure devices.

Adversaries have been targeting Pulse Connect Secure VPN appliances to exploit various vulnerabilities, including a couple of security holes discovered earlier this year, specifically CVE-2021-22893 and CVE-2021-22937.

In April this year, CISA released an alert on attacks targeting Pulse Secure devices, complemented with indicators of compromise (IOCs) and information on the malware used by attackers, and this week the agency published details on five additional malware samples.

Two of the samples, CISA reveals, are maliciously modified Pulse Secure files retrieved from infected devices, both of which function as credential harvesters. One of the files also acts as a backdoor, providing attackers with remote access to the compromised device.

Another file contained a malicious shell script that could log usernames and passwords. A third sample involved multiple files, including some consisting of a shell script that would modify a Pulse Secure file to become a webshell. One file was designed to intercept certificate-based multi-factor authentication, while others would parse incoming web request data.

The fifth sample consisted of two Perl scripts designed to execute attacker commands, a Perl library, a Perl script, and a shell script designed to manipulate and execute the ‘/bin/umount’ file.

CISA’s five malware analysis reports (MARs) include details on the tactics, techniques, and procedures (TTPs) employed by adversaries, as well as IOCs. The agency encourages users and administrators to review the provided information, as well as previously published alerts.

Pulse Secure, which was acquired last year by Ivanti, has released a tool that helps customers identify compromised appliances.

Advertisement. Scroll to continue reading.

Written By Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.

Latest News

Click to comment

Virtual Event: Cyber AI & Automation Summit

Wednesday, December 6, 2023

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Virtual Event: Cyber Insurance & Liability Summit

Wednesday, January 17, 2024

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Five Cybersecurity Predictions for 2024

Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape. (Torsten George)

Humans Are Notoriously Bad at Assessing Risk

When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality. (Joshua Goldfarb)

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

It's crucial to thoroughly assess the risk profiles of various SSE platforms and weigh their suitability against their organization's risk tolerance before adopting SSE. (Etay Maor)

Threat Intel: To Share or Not to Share is Not the Question

To share or not to share threat intelligence isn’t the question. It’s how to share, what to share, where and with whom. (Marc Solomon)

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI's disruptive effects. (Rik Ferguson)

Cybercrime

Cyber Insights 2023 | Ransomware

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Kevin TownsendFebruary 2, 2023

Cybercrime

Cyber Insights 2023 | The Coming of Web3

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Kevin TownsendFebruary 6, 2023

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

SecurityWeek NewsMarch 26, 2014

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Eduard KovacsOctober 1, 2019

Cybercrime

Neiman Marcus Says Hackers Breached Customer Accounts

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Eduard KovacsFebruary 2, 2016

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Eduard KovacsMarch 28, 2023

Risk Management

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Kevin TownsendFebruary 2, 2023

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Ionut ArghireJanuary 5, 2023

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Cybercrime

CISA Details Additional Malware Targeting Pulse Secure Appliances

More from Ionut Arghire

Latest News

Virtual Event: Cyber AI & Automation Summit

Virtual Event: Cyber Insurance & Liability Summit

Expert Insights

Five Cybersecurity Predictions for 2024

Humans Are Notoriously Bad at Assessing Risk

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

Threat Intel: To Share or Not to Share is Not the Question

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

Related Content

Cybercrime

Cyber Insights 2023 | Ransomware

Cybercrime

Cyber Insights 2023 | The Coming of Web3

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

Cybercrime

Neiman Marcus Says Hackers Breached Customer Accounts

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Risk Management

Cyber Insights 2023 | Supply Chain Security

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

SECURITYWEEK NETWORK:

ICS:

More from Ionut Arghire

Latest News

Trending

Daily Briefing Newsletter

Virtual Event: Cyber AI & Automation Summit

Virtual Event: Cyber Insurance & Liability Summit

Expert Insights

Five Cybersecurity Predictions for 2024

Humans Are Notoriously Bad at Assessing Risk

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

Threat Intel: To Share or Not to Share is Not the Question

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

Related Content

Cybercrime

Cyber Insights 2023 | Ransomware

Cybercrime

Cyber Insights 2023 | The Coming of Web3

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

Cybercrime

Neiman Marcus Says Hackers Breached Customer Accounts

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Risk Management

Cyber Insights 2023 | Supply Chain Security

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure