Level 36
Microsoft has started to send targeted notifications to dozens of hospitals about vulnerable public-facing VPN devices and gateways located on their network.

As part of their tracking of various groups behind human-operated ransomware attacks, Microsoft has seen one of the operations known as REvil (Sodinokibi) targeting vulnerabilities in VPN devices and gateway appliances to breach a network.

Pulse VPN devices have been known to be targeted by threat actors, with this vulnerability thought to be behind the Travelex ransomware attack by REvil.
Other attackers such as DoppelPaymer and Ragnarok Ransomware were also seen in the past utilizing the Citrix ADC (NetScaler) CVE-2019-1978 vulnerability to compromise a network.
... ...