Zyxel VPN security flaw targeted by new ransomware attackers


  • Researchers observe Helldown abusing Zyxel VPN to breach networks
  • The flaw was previously undisclosed
  • The attackers mainly target SMEs in the US and Europe

There appears to be a new ransomware player in town that is exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, steal their data, and encrypt their systems.

The group is called Helldown and has been active since the summer of 2023. A new report from cybersecurity researchers at Sekoia examines the group, noting that it is most likely using a previously undisclosed vulnerability in Zyxel’s firewalls for initial access.