Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found.
The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.
They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN that was patched in April 2019. Companies delayed updating their software even after exploits became public, prompting multiple alerts from the U.S. government and threat actors started leveraging it; some organizations continue to run a vulnerable version of the product.
Source: Bleeping Computer