Cybersecurity firm FireEye said it is tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices.
The Office of Cybersecurity and Critical Infrastructure (OCCIP) continues to closely monitor the ongoing exploitation of the Pulse Connect Secure (PCS) software. Threat actors are leveraging several vulnerabilities, including the previously disclosed CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243, as well as a newly discovered zero-day vulnerability, CVE-2021-22893, to place web shells on the PCS appliance for persistence and further access.
Although there are no reported victims in the financial services sector as of now, PCS is heavily used throughout the sector. OCCIP will continue to work with sector and interagency partners to monitor the exploitation of this vulnerability and will adjust its assessment as more facts become known. To aid in your identification and detection efforts, OCCIP would like to highlight the most relevant open-source information on the ongoing Pulse Connect Secure incident.
OCCIP remains interested in additional information from our stakeholders in the financial services sector on this vulnerability and associated assessments, including any potential indicators of compromise your organization may observe. If you would like to provide information from your institution’s perspective, please contact us at OCCIP-Coord@treasury.gov, or through the OCCIP hotline at (202) 622-3000. If you would prefer that your information be shared with OCCIP anonymously, please reach out to the FS-ISAC at firstname.lastname@example.org.
Date/Time: Thursday, April 22, 2021 (4:00pm EST)
Participant Toll Free Dial in Number: 1-800-857-6546 (passcode 6112112)
International Dial in Number: 1-212-547-0388 (passcode 6112112)