Chinese-backed threat actors breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet.
MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert on the Pulse Secure zero-day exploited in the attack.
Additionally, existing security systems also hindered the attackers’ attempts to move through the network.
Source: Bleeping Computer