In a new support note, the company said that a “sophisticated threat actor” was targeting Zyxel security appliances with remote management or SSL VPN enabled. The attacks affect organizations using Unified Security Gateway (USG), ZyWALL, the USG FLEX combined firewall and VPN gateway, Advanced Threat Protection (ATP) firewalls, and VPN series devices running its ZLD firmware. SEE: Network security policy (TechRepublic Premium) “The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as"zyxel_sllvpn”, “zyxel_ts”, or “zyxel_vpn_test”, to manipulate the device’s configuration....