The Pentagon with the Washington Monument and National Mall in the background. Pulse Secure on Monday released a patch for the zero-day vulnerability that hackers used to access the networks of U.S. defense contractors and other government agencies worldwide. (U.S. Air Force Photo by Senior Airman Perry Aston)

Pulse Secure on Monday released a patch for the zero-day vulnerability that hackers used to access the networks of U.S. defense contractors and other government agencies worldwide.

In a blog posted April 20, FireEye said Chinese-based UNC2630 leveraged CVE-2021-22893 to gain access to Pulse Secure VPN equiptment and move laterally. A second threat actor, UNC2717, was also identified exploiting Pulse Secure VPN equipment, but FireEye could not connect them to UNC2630.