News Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers.

Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.

"The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to manipulate the device's configuration," Zyxel said in an email message, which was shared on Twitter.


As of writing, it's not immediately known if the attacks are exploiting previously known vulnerabilities in Zyxel devices or if they leverage a zero-day flaw to breach the systems. Also unclear is the scale of the attack and the number of users affected.

To reduce the attack surface, the company recommends that customers disable HTTP/HTTPS services from the WAN and implement a geo-IP restriction list so that remote access is allowed only from trusted locations.