Attackers are targeting Zyxel security appliances with remote management or SSL VPN enabled in the USG/ZyWALL, USG FLEX, ATP, and VPN series. The threat actor attempts to access a device through WAN.
▪ Attackers are targeting Zyxel security appliances firewall and VPNs with remote management or SSL VPN enabled.
▪ The attacks affect organizations using Unified Security Gateway (USG), ZyWALL, the USG FLEX combined firewall and VPN gateway, Advanced Threat Protection (ATP) firewalls, and VPN series devices running its ZLD firmware.
▪ Attackers can take advantage of VPN, Routing and Traffic issues or Unknown Configuration parameters and Unknown Admin Accounts to carry out successful attack.
▪ Maintaining proper security policy for remote access can reduce the risk of successful attack.