A short history of mass-hacks

Enterprise network security tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers. This is particularly important in today's era of widespread remote and hybrid work.

However, although they are pitched as tools that help organizations stay secure from external threats, many of these products have been found to contain software bugs that allow malicious hackers to compromise the very networks the products were meant to protect.

In recent years, these bugs have been blamed for an explosion of mass-hacks, in which malicious hackers abuse these usually easy-to-exploit security flaws to break into thousands of organizations and steal sensitive company data.

We have summarized a short history of mass-hacks and will update this article when the inevitable next one happens.

One of the earliest mass-hacks of the past decade saw an infamous ransomware crew exploit a vulnerability in Fortra's GoAnywhere managed file transfer software, a product used to share large files and sensitive datasets over the internet. The prolific Clop ransomware gang used the bug to compromise more than 130 organizations and steal the personal data of millions of people. The vulnerability was exploited as a zero-day, which means that Fortra had no time to fix it before it came under attack. Clop later published data stolen from victims who did not pay the hackers a ransom. Hitachi Energy, security giant Rubrik, and Florida-based NationsBenefits all reported intrusions caused by the flawed software.

May 2023: MOVEit flaw allows theft of data on 60 million people

The MOVEit mass-hack remains one of the largest mass-breaches in history. Hackers abused a flaw in another widely used file transfer product, developed by Progress Software, to steal data from thousands of organizations. According to the cybersecurity company Emsisoft, the Clop ransomware group once again claimed responsibility for the attacks, which used the MOVEit vulnerability to steal the data of more than 60 million people. U.S. government contracting giant Maximus was the biggest victim of the MOVEit breaches, after confirming that hackers accessed the protected health information of up to 11 million people.

October 2023: Cisco flaw exposes thousands of routers to takeover

Mass-hacks continued into the second half of 2023. Throughout October, hackers exploited an unpatched zero-day vulnerability in Cisco's networking software to compromise tens of thousands of devices that rely on the software, such as enterprise switches, wireless controllers, access points, and industrial routers. The bug granted attackers "full control of the compromised device." Although Cisco did not confirm how many customers were affected by the flaw, Censys (a search engine for internet-connected devices and assets) said it had observed nearly 42,000 compromised devices exposed to the internet.

Image: Stock image of a Cisco logo sign hanging from the ceiling of a conference center.
Image credits: Ramon Costa / SOPA Images / LightRocket via Getty Images

November 2023: Ransomware gangs exploit Citrix bug

Citrix NetScaler, which large enterprises and governments use for application delivery and VPN connectivity, became the latest mass-hack target just one month later, in November 2023. The bug, called "CitrixBleed," allowed sensitive information to be extracted from affected NetScaler systems. Aerospace giant Boeing, law firm Allen & Overy, and the Industrial and Commercial Bank of China are believed to be victims.

January 2024: Chinese hackers exploit Ivanti VPN vulnerabilities to breach companies

Ivanti became a name associated with mass-hacks after Chinese state-backed hackers began exploiting vulnerabilities in Ivanti's corporate Connect Secure VPN appliance. Ivanti said at the time that only a limited number of customers were affected, but cybersecurity company Volexity found that more than 1,700 Ivanti appliances worldwide had been exploited, affecting organizations in the aerospace, banking, defense, and telecommunications sectors. U.S. government agencies operating affected Ivanti systems were ordered to take those systems out of service immediately. Exploitation of these vulnerabilities has since been linked to the China-backed espionage group known as Salt Typhoon, which was recently found to have hacked into at least nine U.S. telecommunications companies.

In February 2024, hackers targeted two "easy-to-exploit" vulnerabilities in ConnectWise ScreenConnect, a popular remote access tool that allows technical personnel to provide technical help directly on customer systems. Cybersecurity giant Mandiant said at the time that its researchers had observed "identified mass exploitation" of the two flaws. The flaws were abused by various threat actors to deploy password stealers, backdoors and, in some cases, ransomware.

Hackers (again) hit Ivanti customers with fresh bugs

Ivanti made headlines once again, also in February 2024, when attackers exploited another vulnerability in its widely used enterprise VPN appliance to mass-hack its customers. The Shadowserver Foundation, a nonprofit organization that scans and monitors the internet for exploitation, told TechCrunch at the time that it had observed more than 630 unique IP addresses attempting to exploit the server-side flaw, which allows attackers to gain access to devices and systems that are ostensibly protected by the vulnerable Ivanti appliances.

November 2024: Palo Alto firewall vulnerabilities put thousands of companies at risk

Later in 2024, hackers compromised thousands of organizations by exploiting two zero-day vulnerabilities in software made by cybersecurity giant Palo Alto and used by customers around the world. The vulnerabilities in PAN-OS, the operating system that runs on all of Palo Alto's next-generation firewalls, allowed attackers to compromise devices and exfiltrate sensitive data from corporate networks. According to researchers at security company watchTowr Labs, who reverse-engineered Palo Alto's patches, the flaws resulted from basic mistakes in the development process.

December 2024: Clop compromises Cleo customers

In December 2024, the Clop ransomware gang targeted yet another popular file transfer technology to launch a new wave of mass-hacks. This time, the gang exploited flaws in tools made by Cleo Software, an Illinois-based enterprise software maker, to target dozens of the company's customers. By early January 2025, Clop had listed nearly 60 Cleo customer companies that it claimed to have compromised, including U.S. supply chain software giant Blue Yonder and German manufacturing giant Covestro. By the end of January, Clop had added another 50 alleged victims of the Cleo mass-hack to its dark web leak site.

Image: Photo of the exterior of Covestro's headquarters in Germany.
Image credits: Alex Kraus / Bloomberg via Getty Images

January 2025: New year, new Ivanti bugs under attack

The new year began with Ivanti falling victim to hackers, yet again. The U.S. software giant alerted customers in early January 2025 that hackers were exploiting a new zero-day vulnerability in its VPN appliance to breach the networks of its corporate customers. Ivanti said that a "limited number of customers" were affected, but declined to say how many. The Shadowserver Foundation said its data shows hundreds of backdoored customer systems.

Fortinet firewall bug exploited since December

A few days after Ivanti's latest bug was disclosed, Fortinet confirmed that hackers had separately been exploiting a vulnerability in its firewalls to break into the networks of its corporate and enterprise customers. According to data from a security research company, the flaw affects the cybersecurity company's FortiGate firewalls and has been "mass exploited" as a zero-day since December 2024. Fortinet declined to disclose how many customers were affected, but the security research company investigating the attacks observed intrusions affecting "dozens of" affected devices.

SonicWall says hackers are remotely hacking customers

January 2025 remained a busy month for hackers exploiting bugs in enterprise security software. SonicWall said in late January that as-yet-unidentified hackers are exploiting a newly discovered vulnerability in one of its enterprise products to break into its customers' networks. SonicWall said that the vulnerability, which affects its SMA1000 remote access appliance, was discovered by Microsoft's threat researchers and is "confirmed as being actively exploited in the wild." The company has not yet said how many customers have been affected, or whether it has the technical ability to confirm this, but more than 2,300 of the devices are exposed to the internet. This bug may become the latest mass-hack of 2025.