NSA Warns of Vulnerabilities in Multiple VPN Services

Nation-state actors are actively exploiting vulnerabilities in three different virtual private network services to gain access to users’ devices, according to the National Security Agency.

In an advisory issued Monday, NSA said international hackers were taking advantage of bugs in older versions of virtual private network applications produced by Pulse Secure, Fortinet and Palo Alto Networks. Users of the products are “strongly recommended” to update their systems, the agency said.

Virtual private networks, or VPNs, allow users to safely share data across public Wi-Fi and other potentially insecure networks.

According to the advisory, the vulnerability in the Pulse Secure product allows nefarious actors to remotely execute code and download files, as well as intercept encrypted network traffic. The bugs in the other two systems both allow for remote code execution, the NSA said.

The National Cyber Security Centre, a component of the United Kingdom’s intelligence agency, the GCHQ, published its own warning about the vulnerabilities on Oct. 2. The NSCS advisory said the exploits could allow hackers to download user credentials. 

After upgrading to the latest version of the VPN software, users should reset their credentials before reconnecting to the network, NSA said. The agency also listed a handful of other protective measures users can take to prevent nefarious actors from infiltrating their devices.

Neither NSA nor NCSC disclosed which foreign actors were exploiting the vulnerabilities, though the advisories come roughly a month after reports that a Chinese hacker ring known as APT5 was targeting Fortinet and Pulse Secure servers. According to the cybersecurity company FireEye, the group has been active since 2007 and targets organizations across numerous industries, with a particular focus on the tech and telecom sectors.