The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have published a warning regarding attacks to certain VPN products by a known threat actor based in Iran. The CISA warning is here for reference. Once it has attacked the specified vulnerabilities, the threat actor is able “to gain initial access to targeted networks and then maintained access within the successfully exploited networks for several months using multiple means of persistence,” according to CISA.
Having such an actor explore a company’s network for months on end presents potentially serious issues regarding the security of company and customer confidential data, trade secrets and other intellectual property, and privacy of regulated personal information about consumers and other stakeholders. Organizations using the identified systems are advised of the issue so that they can identify any attacks on their systems and safeguard against future issues.