Chinese-backed threat actors breached New York City’s Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. The attack was the result of the third attack on the authority’s network in recent years, MTA officials told the NY Times. The MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory and CISA published an alert on the vulnerability. CISA also updated mitigation measures shared in its alert and urges organizations to check the guidance published by Ivanti.
Source: https://www.bleepingcomputer.com/news/security/chinese-threat-actors-hacked-nyc-mta-using-pulse-secure-zero-day/