Sangfor Technologies and its customers have been the victims of a sophisticated targeted attack that leverages vulnerabilities within Sangfor’s SSL VPN equipment and its client agent. In response, Sangfor set up an emergency incident response team to immediately address this issue.

 

Within 48 hours of notification, Sangfor completed a comprehensive security risk audit of our impacted solutions and released a repair patch for SSL VPN products. After installing the repair patch to upgrade the SSL VPN product, customers can automatically update and restore the compromised clients to block similar attacks. In addition to the repair patch, Sangfor has also launched a set of security solutions against this type of attack, including tamper-detection tools and malware removal tools, which customers can install and customize to their requirements, allowing them to eliminate security risks at multiple levels. Furthermore, Sangfor offers complementary incident response services for any customers who have suffered incidents as a result of this compromise.

 

Impact

 

Based on security analysis from the Sangfor blue team, very few customers suffered from a set of sophisticated and targeted attacks by a coordinated team of attackers with advanced skillsets. A software vulnerability was found in the digital signature verification mechanism of SSL VPN clients. However, a successful attack requires administrative credentials to the SSL VPN devices, making this attack extremely difficult to replicate.

 

Sangfor’s analysis concludes that the majority of Sangfor SSL VPN customers have not been compromised. However, all customers with outdated patches should upgrade their systems accordingly.

 

Solution Guide for Existing Sangfor SSL VPN Customers

 

24/7 Expert Technical Support

All existing SSL VPN customers have access to a 24x7 security service hotline. Most customers are encouraged to contact our online remote assistance to help confirm their security posture. While we are confident that most of our customers have not been breached, we do offer onsite incident response for those who have been compromised.

 

Here is the local number and TAC information in each region:

 

Local Support

• Hong Kong & Macau & Taiwan: +852-69701738
• Thailand: +66 (0) 6-0002-4050
• Malaysia: +60 163368835
• Indonesia: +62 856-4560-0296
• Philippines: +63 917-6899-911
• Singapore: +65 627-69133
• Vietnam: +84 0902037476
• Myanmar: +09 795409606
• EMEA: +971 585849698

 

Global Technical Assistance Center

• +60 127117511
• +60 127117129

 

For other regions/countries, you can contact the above Global Customer Service team. Affected users can also reach us by email: tech.support@sangfor.com.

 

Using Malware Removal Tools

Sangfor has released 32-bit and 64-bit system malware removal tools to help customers eliminate the malicious files. If self-detection confirms that the equipment has been infected with malicious files, please install the malware removal tools to eliminate the threat. To download them, please contact Sangfor support by sending an email to tech.support@sangfor.com.

 

The Sangfor Endpoint Secure platform can also detect and kill the malicious file. Endpoint Secure users need only update the rule base version to 20200406135939 or above to remove the malicious Trojans across the entire network.

 

Advice for All Customers

Sangfor reminds our customers to follow best security practices: update critical servers and infrastructure to the latest software patch, use strong passwords and change them frequently, and validate and audit security controls regularly.

 

About Sangfor

Sangfor, a worldwide leader in cloud computing, security, and infrastructure solutions, always puts the security of our customers at the heart of our business strategy and will continue to carry out a comprehensive review of existing products and more stringent verification tests. We are committed to providing our customers with more secure products, services, and solutions.

 

For more information or media inquiries, please contact us at pr@sangfor.com.

 

Sangfor Technologies Inc.

April 07, 2020
