Preface: It looks as though whoever holds a vaccine for COVID-19 will be granted dominance of the world.
Reference: DVC APIs will help you to implement modules on the server and client side of a Remote Desktop Services connection that communicate with each other. A remote code execution vulnerability exists in Remote Desktop Services. When an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests,…… (CVE-2019-1182)
Description: Perhaps my research does not clearly reflect the actual status of the current malicious goal. However, everyone is looking for a vaccine. My personal interest brought my attention to a piece of malware called “SOREFANG”. It appears that a vendor became a victim in this case, because the attacker or APT group re-engineered their VPN software. As a matter of fact, the company has a large footprint in China. The details of my observation and research are written down on the attached diagram. For those who are interested, please refer to the attached diagram for reference.
Highlight: Vendor announcement: The only vulnerable servers are the Sangfor servers running firmware versions M6.1 and M6.3R1. The statement revealed that other servers are clean and are not affected by the zero-day used by the attacker.