Security company ClearSky released a very detailed report a few days ago about an Iranian hacking group that has targeted large companies in the IT, telecommunications, oil and gas, aviation, government, and security sectors around the world in order to plant backdoors.

In this post, we will show how our vFeed indicators could have been very effective in avoiding such hacks and in enriching intelligence solutions with vulnerability metadata such as CVSS 3.1 scores, patches, PoCs and exploits, scanner signatures for the weak points, ATT&CK identifiers, YARA signatures, IPS rules, and more.

As stated in the report, the "Fox Kitten" campaign leveraged four CVEs as the attack vectors that led to the compromise of large servers. The group targeted the following vulnerabilities:

  • Critical Pulse Secure VPN Vulnerability (CVE-2019-11510)
  • Critical Pre-Authentication Vulnerability in Palo Alto Networks GlobalProtect SSL VPN (CVE-2019-1579)
  • Fortinet FortiOS Directory Traversal Vulnerability (CVE-2018-13379)
  • Unauthenticated Remote Code Execution Vulnerability in Citrix ADCs and Gateways (CVE-2019-19781)
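The defensive use of a list like this is to pull the CVE identifiers out of the report and correlate them with your own asset inventory, so that the products named above can be prioritised for patching before the indicators are even loaded into an intelligence platform. The following Python snippet is an added example written for this post; it is not vFeed's own code or API. The CVE-to-product mapping is taken from the four items above, while the report excerpt and the asset inventory are constructed sample data.

```python
import re
from dataclasses import dataclass

# Added example, not vFeed code. The mapping from CVE to affected product family
# comes from the four vulnerabilities listed in the post.
REPORT_CVES = {
    "CVE-2019-11510": "Pulse Secure VPN",
    "CVE-2019-1579": "Palo Alto Networks GlobalProtect",
    "CVE-2018-13379": "Fortinet FortiOS",
    "CVE-2019-19781": "Citrix ADC/Gateway",
}

# Matches CVE identifiers; the sequence part is at least four digits per the CVE format.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Constructed excerpt standing in for the report text (note the repeated identifier).
SAMPLE_REPORT = """
Critical Pulse Secure VPN Vulnerability (CVE-2019-11510)
Critical Pre-Authentication Vulnerability in Palo Alto Networks GlobalProtect SSL VPN (CVE-2019-1579)
Fortinet FortiOS Directory Traversal Vulnerability (CVE-2018-13379)
Unauthenticated Remote Code Execution Vulnerability in Citrix ADCs and Gateways (CVE-2019-19781)
Exploitation of CVE-2019-11510 was observed again later in the campaign.
"""


def extract_cves(text):
    """Return the unique CVE identifiers found in free text, in first-seen order."""
    seen = []
    for cve in CVE_RE.findall(text):
        if cve not in seen:
            seen.append(cve)
    return seen


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    patched_cves: frozenset  # CVEs already remediated on this asset


# Constructed inventory: hostnames and patch state are hypothetical.
SAMPLE_INVENTORY = [
    Asset("vpn-edge-01", "Pulse Secure VPN", frozenset()),
    Asset("gp-fw-02", "Palo Alto Networks GlobalProtect", frozenset({"CVE-2019-1579"})),
    Asset("fgt-03", "Fortinet FortiOS", frozenset()),
    Asset("web-app-04", "Apache httpd", frozenset()),
]


def exposed_assets(cves, inventory):
    """Join the report's CVEs against the inventory.

    An asset is reported as exposed when it runs the product a CVE affects and
    that CVE is not in its patched set. CVEs outside the mapping are skipped.
    """
    findings = []
    for cve in cves:
        product = REPORT_CVES.get(cve)
        if product is None:
            continue
        for asset in inventory:
            if asset.product == product and cve not in asset.patched_cves:
                findings.append((asset.hostname, cve, product))
    return findings


if __name__ == "__main__":
    for hostname, cve, product in exposed_assets(extract_cves(SAMPLE_REPORT), SAMPLE_INVENTORY):
        print(f"{hostname}: {product} still exposed to {cve}")
```

In a real deployment the `REPORT_CVES` table would be replaced by the enrichment source (product and version ranges per CVE) and the inventory by a CMDB or scanner export; the join logic stays the same, and the output is the patch backlog that actually matters for this campaign.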
