
Iran Has Been Targeting VPN Servers to Plant Backdoors (zdnet.com)

"A new report published today reveals that Iran's government-backed hacking units have made a top priority last year to exploit VPN bugs as soon as they became public in order to infiltrate and plant backdoors in companies all over the world," writes ZDNet: According to a report from Israeli cyber-security firm ClearSky, Iranian hackers have targeted companies "from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors." The report comes to dispel the notion that Iranian hackers are not sophisticated, and less talented than their Russian, Chinese, or North Korean counterparts. ClearSky says that "Iranian APT groups have developed good technical offensive capabilities and are able to exploit 1-day vulnerabilities in relatively short periods of time." [ATP stands for "advanced persistent threat" and is often used to describe nation-state backed cyberattackers.]

In some instances, ClearSky says it observed Iranian groups exploiting VPN flaws within hours after the bugs have been publicly disclosed...

According to the ClearSky report, the purpose of these attacks is to breach enterprise networks, move laterally throughout their internal systems, and plant backdoors to exploit at a later date.

  • by thesjaakspoiler ( 4782965 ) on Sunday February 16, 2020 @07:31PM (#59734300)

    The US OWNS the whole internet from day 1.
    Planting backdoors in all vital Cisco equipment about which the media suddenly stays silent.

    • You and I might not like it, but he's factually correct.

      Don't we all have our own filter bubble that we'd like to keep. ;)

      You know, that is why Russian or Iranian people are more likeable.
      They know their government is a piece of shit. They would never downmod somebody who said something like this about their government. They'd probably only complain because they already said that and said it first. :)
      And call everyone who goes "yay Russia/Iran leaders" a nutter.

      It's only Americans who collectively got this

      • by DrMrLordX ( 559371 ) on Monday February 17, 2020 @01:02AM (#59734714)

        Which Americans? There's an entire political party dedicated to the idea of being at least closet anti-American.

        Furthermore, the GP is committing a fallacy by assuming that, because the United States has backdoors in Cisco equipment (and elsewhere) that Iran isn't somehow trying to infiltrate VPNs. It's completely orthogonal to the story, which is why he was down-modded.

      • Oh look, it's one of Putin's useful idiots. Good job throwing Iran in there, too. You know they put gays in prison for being gay, right? Way to stick up for them!
      • by Ogive17 ( 691899 )
        It's off-topic. The article is about Iran. If you want to bash the US, submit an article about the US doing something sketchy (should be easy enough).
  • by rsilvergun ( 571051 ) on Sunday February 16, 2020 @07:32PM (#59734304)
    and China. And North Korea. And Germany. And I'm pretty sure if we looked into it we could find Denmark and Somaliland had.

    Just saying we should be wary of these sorts of stories cropping up about Iran in particular. The current administration still would very much like a war, especially one before November.
    • by cusco ( 717999 )

      According to a report from Israeli cyber-security firm ClearSky

      Well, we can throw these allegations out the window. They may actually be infiltrating VPNs, but I'm not going to take the word of a group of ex-Mossad and IDF for it especially when they don't seem to be offering any sort of proof. This is likely about as reliable as Memri's insertion of "wipe Israel off the map" into a speech when that idiom doesn't even exist in Farsi.

    • and China. And North Korea. And Germany. And I'm pretty sure if we looked into it we could find Denmark and Somaliland had. Just saying we should be wary of these sorts of stories cropping up about Iran in particular. The current administration still would very much like a war, especially one before November.

      Um, no, it would not like a war.

      It was the previous one that enjoyed blowing things up, while still deliberately remaining weak. The current one prefers being strong and therefore deterring war when possible.

      It's the dems who are floundering and need an October surprise. I'm sure they'll come up with several ...

  • Using a VPN... (Score:4, Insightful)

    by DogDude ( 805747 ) on Sunday February 16, 2020 @08:07PM (#59734378)
    ... that you don't own isn't really a great idea. That seems like a lot of risk to go through for what most people use VPNs for.
    • This is about corporate VPNs... but sure, VPN services do little more than hack geolocation for most people, so it is sufficient to not own it yourself. It can also deal with traffic management issues and casual snooping. (Example: using a VPN might prevent a hotel with a lot of cameras from being able to also link screen data to IP traffic, so they might not get the full picture of what is going on as I check bank data or whatever, since they don’t even get DNS requests to work from.)

      But, I sure wi

      • by rtb61 ( 674572 )

        Here let me correct the line in the article "According to a report from Israeli cyber-security firm ClearSky, "Israeli hackers pretending to be Iranian hackers" have targeted companies "from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors."

        Like anyone is stupid enough to believe anything from a country corrupt enough to claim self defence when shooting protestors using snipers at long range, yeah they felt threatened because there were rocks in the field in between the snip

        • Yes, that's it. It's the one progressive democratic country in the Middle East that's causing all the problems, not the stone age terrorist wackjobs. You figured it out.

      • by AmiMoJo ( 196126 )

        You are a copyright troll looking for some victims to sue. You see a connection from an IP address but it traces back to a VPN service that says it doesn't log and isn't legally obligated to help you. How do you sue them?

        You are a copyright troll looking for some victims to sue. You see a connection from an IP address that belongs to a well known ISP. Reverse lookup even gives you the name of the suburb. How do you sue them?

        • Sure, it goes back to the purpose. Me, I am not concerned about Studio W going after me for a license violation of Netflix showing me a movie.

    • by AmiMoJo ( 196126 )

      Not owning the VPN is actually the point of a lot of these services.

      For anonymity it helps to mix your traffic in with a bunch of other people's and make tracing any of it to billing information impossible.

  • by weilawei ( 897823 ) on Sunday February 16, 2020 @08:31PM (#59734404)

    No, it stands for "adenosine triphosphate".

    • by needev ( 6182230 )
      Airline Transport Pilot
      • No, it stands for "adenosine triphosphate".

        Airline Transport Pilot

        All This, Plus:

        Association of Tennis Professionals

        Automatic Train Protection

        At This Point

        and a few NSFW items such as this [urbandictionary.com].

        But hey, it's a holiday in the US and the PoTUS would approve of the last one, so click away.

  • by nehumanuscrede ( 624750 ) on Sunday February 16, 2020 @09:01PM (#59734430)

    Considering most major companies, especially the Telecom industry, have so much outsourcing in India and Random-istan, that all you need to do to gain access to the networks in question is simply bribe an employee. Trust me when I tell you they have access to EVERYTHING.

    Considering where said employees live, it wouldn't even cost all that much to do it.

  • In the last 3 years with the 120+ cores that I manage the only time I have detected a hack was on an Ubuntu 16.04 system running OpenVPN. Somebody managed to force a bitcoin miner into it. I never learned what the exploit was but now I wonder if it is still there.

  • I have no doubt in Iran's government trying such things. They're not nice people.

    Just ... You mean an Israeli hacking firm that probably sold it to them in the first place or sees them as direct competition or worse. ;)

    Aka a pot and kettle situation. Except both are actually latrines. And the shit is overflowing at the top.

  • How is this different from what the US is doing? They also target VPN networks, hell they even buy security companies and plant their own backdoors into the software/hardware those companies deliver to their customers... So stop pointing fingers if you're doing it yourself too..
  • By "safe" I mean run by a financially stable company and uses opensource encryption that can be audited/verified?

    Most seem to be fly by night companies that could evaporate at the flip of a switch.

    Maybe I'll just roll my own

  • According to a report from Israeli cyber-security firm ClearSky .. bla bla bla cyberBS
