Security firm ClearSky says at least three advanced persistent threat groups are targeting unpatched VPN servers and Citrix remote gateways. ClearSky researchers say they’ve seen attackers hitting targets in the U.S., Israel, Australia, Saudi Arabia, Lebanon, Kuwait, Kuwait. The goal of planting backdoors in VPN servers is to steal data and maintain a long-term presence, researchers say. The campaign was discovered by industrial cybersecurity firm Dragos, which refers to these attacks as Parisite.”]
Source: https://www.cuinfosecurity.com/unpatched-vpn-servers-hit-by-apparent-iranian-apt-groups-a-13733