Researchers spot Helldown exploiting Zyxel VPN to breach networks
The flaw was previously undisclosed
The crooks mostly target SMBs in the US and Europe
There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, steal their data, and encrypt their systems.
The group is called Helldown, and has been active since summer 2023, a new report from cybersecurity researchers has revealed Sekoia, noting the group most likely uses a previously undisclosed vulnerability in Zyxel’s firewalls for initial access.
