Pulse Secure VPN zero-day used to hack government organizations and defense firms
Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices. These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families, Mandiant says.
An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operating the vulnerable Pulse Connect Secure (PCS) device. These vulnerabilities are being exploited in the wild.