Metropolitan Transportation Authority (MTA) systems in New York City were hacked using a vulnerability in Pulse Secure VPN. The hackers did not gain access to systems that control trains and the personal data of riders was not compromised.
Other news reports that 16 malware families from China are being used to infect Pulse Secure VPN appliances.
System administrators are urged to follow the “Forensics, Remediation, and Hardening Guidelines” in this article:
FireEye Blog: Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances