Zyxel has issued a warning to customers about threats targeting a subset of security appliances with remote management or SSL VPN enabled.
A sophisticated threat actor is targeting USG FLEX, USG/ZyWALL, VPN and ATP series devices running on-premises ZLD firmware, according to a letter addressed to customers, which security researcher JAMESWT released on Twitter.
Zyxel has begun an investigation into the attacks and is trying to remedy the problem. “Based on our investigation so far, we believe maintaining a proper security policy for remote access is currently the most effective way to reduce the attack surface,” the company said.
The company did not specify whether the attackers are attempting to exploit known or unknown flaws in enterprise appliances.
Read more: SecurityWeek