U.S. defense firm’s computer network hacked; Chinese hackers suspected

Mandiant, a brand of U.S. information security provider FireEye, said today that hackers suspected to be Chinese infiltrated the virtual private networks (VPNs) of private enterprises in a bid to break into the computer networks of the U.S. defense industry.

AFP reported that Mandiant found that at least two hacker groups had hacked into VPN security devices made by Pulse Secure through malware, and that one of the hacker groups was believed to be under the command of Chinese Communist Party officials.

According to Mandiant, the hacker group used malware to attempt to hijack the identities of users and administrators and gain access to the systems of several companies in the U.S. defense industry; government and financial institutions in the U.S. and Europe were also targeted during the period from October last year to March this year.

Calling one of the hacker groups UNC2630, Mandiant said, “We suspect that UNC2630 is operating on behalf of the Chinese government and may be linked to APT5.” APT5 is an officially funded Chinese Communist hacker group.

Mandiant mentioned that a “trusted third party” also believes the incident is linked to APT5.

“APT5 continues to target high-value corporate networks and has repeatedly breached them over the years,” Mandiant said. “The primary targets appear to be aerospace and defense companies located in the United States, Europe and Asia.”

But Mandiant noted that there is not enough information to identify the mastermind behind some of the malware.

According to the Associated Press, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) later issued an alert saying it was aware that Pulse Secure “continues to be used to compromise U.S. government agencies, critical infrastructure entities and private businesses,” but did not specify which agencies had been compromised.

Pulse Secure, which is part of Utah-based information software company Ivanti, confirmed that the main points of the Mandiant report were true, noting that the company had issued patches to its products and that a “limited number” of customers were affected.