The FireEye Mandiant team has discovered multiple threat actors exploiting a zero-day vulnerability in Pulse Secure VPN appliances. Multiple sites in the USA and European Union have been targeted. The attack infrastructure is very sophisticated. The attacks persist in the VPN appliances, even across software updates, they change read-only. The lesson for industrial sites is simple ‘ we need remote access protections that are stronger than two-factor authentication if we want to avoid being at risk. The world will be a safer place when more industrial sites are protected.
Source: https://www.helpnetsecurity.com/2021/04/22/critical-infrastructure-implications-of-the-pulse-secure-multi-factor-authentication-bypass/