State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies to carry out cyber attacks on targets in the U.S. and overseas. The National Security Agency issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions. The U.K. National Cyber Security Centre in the United Kingdom posted a separate warning. The flaws allow an attacker to use those stolen credentials to connect to the VPN and change configuration settings or even connect to other infrastructure on the network.
Source: https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/