Experts at Volexity discovered a hacking campaign targeting the CISCO WebVPN VPN product, attackers aim to steal corporate login credentials. The attackers installed a backdoor to gather employees login credentials while the victims access internal web resources, browse internal file shares, and launch plug-ins. The hackers modified the Cisco WebVPN login pages to load JavaScript code associated with the reconnaissance framework called Scanbox that is very popular among Chinese APTs. The malicious JavaScript is hosted on an external website and accessed only via secure HTTPS connections.”]
Source: https://securityaffairs.co/wordpress/40876/cyber-crime/hacking-cisco-webvpn.html