The attacks are being carried out against Chinese government interests worldwide, according to Qihoo 360. The attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies. At least 200 VPN servers connecting to multiple endpoints were compromised as of the first week of April. The attack was carried out using a zero-day exploit, the firm found, adding that the campaign is complex and required a good deal of skill to execute. The vulnerability exists in an update that is triggered automatically when the VPN client starts to connect to the server.
Source: https://threatpost.com/government-vpn-servers-zero-day-attack/154472/