APT5, also known as Manganese, is a group of Chinese state-sponsored hackers. They are exploiting vulnerabilities in Fortinet and Pulse Secure VPN servers to harvest files with password information or VPN session data.
What is happening?
However, it is uncertain if the group was successful in taking control of devices using the stolen files.
What did Fortinet and Pulse Secure do?
Both the targeted VPN servers are highly popular in the market, with renowned organizations and government departments making use of them.
The issues were reported to both Fortinet and Pulse Secure in March by security experts at Devcore. Pulse Secure released a security patch in April, closely followed by Fortinet in May. But most organizations did not install the patches, with many of them being unaware that a patch was available. To assist their customers with applying the patch, Pulse Secure and Fortinet have taken various steps such as posting blogs and closely working with customers.
However, APT5 and other hackers are still able to harvest information from a lot of organizations, who are yet to install the security fix.
What should organizations do?
If your organization is using the VPN server of either Fortinet or Pulse Server, make sure the latest security patch is installed. This shields your network from not just APT5, but many other hackers who are looking for a vulnerability to exploit, and harvest data.