New attack campaign targets a widely used VPN product by Cisco Systems to install backdoors that collect employees’ usernames and passwords used to login to corporate networks. The product in question is Cisco Systems’ Web-based VPN Clientless SSL VPN. The backdoor contains malicious JavaScript code that attackers used to inject into the login pages. Once injected, the backdoor is hard to detect because the malicious JavaScript is hosted on an external compromised website and accessed only via secure HTTPS connections. Infected Targets include hospitals, universities, NGOs and non-governmental organizations.
Source: https://thehackernews.com/2015/10/virtual-private-networks-hacking.html