{"id":124241,"date":"2021-06-25T05:23:14","date_gmt":"2021-06-25T12:23:14","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/06\/hackers-are-using-unknown-user-accounts-to-target-zyxel-firewalls-and-vpns"},"modified":"2021-06-25T05:23:14","modified_gmt":"2021-06-25T12:23:14","slug":"hackers-are-using-unknown-user-accounts-to-target-zyxel-firewalls-and-vpns","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/06\/hackers-are-using-unknown-user-accounts-to-target-zyxel-firewalls-and-vpns","title":{"rendered":"Hackers are using unknown user accounts to target Zyxel firewalls and VPNs"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-are-using-unknown-user-accounts-to-target-zyxel-firewalls-and-vpns2.jpg\"><\/a><\/p>\n<p>In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG\/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.<\/p>\n<p><b>Batten down the hatches<\/b><\/p>\n<p>\u201cWe\u2019re aware of the situation and have been working our best to investigate and resolve it,\u201d the email, which was <a href=\"https:\/\/twitter.com\/JAMESWT_MHT\/status\/1407987022170578946\">posted to Twitter<\/a>, said. \u201cThe threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as \u2018zyxel_silvpn,\u2019 \u2018zyxel_ts,\u2019 or \u2018zyxel_vpn_test,\u2019 to manipulate the device\u2019s configuration.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG\/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418,1492],"tags":[],"class_list":["post-124241","post","type-post","status-publish","format-standard","hentry","category-internet","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/124241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=124241"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/124241\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=124241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=124241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=124241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}