U.S. and European government defense departments were hacked, suspected to be the work of the Chinese Communist Party

Hackers suspected of being backed by the Chinese Communist Party exploited a vulnerability in a popular piece of workplace software to spy on dozens of senior government, defense industry and financial sector organizations in the United States and Europe for months, according to a new report by cybersecurity firm FireEye.

The alarming report, released Tuesday (April 20), describes another massive cybersecurity crisis for the United States, following the SolarWinds hack and the Chinese Communist hack of Microsoft.

Later on Tuesday, the U.S. Department of Homeland Security’s Cybersecurity Directorate confirmed that hackers exploited a weakness in a VPN product from Utah-based Ivanti Software to break into computer systems in U.S. government departments, critical infrastructure sectors and some private-sector organizations.

Since March 31 of this year, the department has helped multiple hacked U.S. departments and agencies deal with the aftermath, the statement said. The cybersecurity agency also urged network administrators in the relevant departments to look for signs of compromise by running a special program and to install the emergency fix released by Ivanti.

In a statement, Ivanti said hackers exploited three known vulnerabilities and one previously unknown vulnerability in its Pulse Connect Secure suite to gain access to the systems of “a very limited number of customers.” The company has taken steps to patch the security vulnerabilities in its encrypted communications devices, and the U.S. Cybersecurity Agency is assisting in the process.

Neither the U.S. Cybersecurity Agency nor Ivanti mentioned details such as the source of the hack.

But cybersecurity firm FireEye said the intrusions were suspected to be the work of a state-sponsored Chinese Communist hacking group. The hackers began accessing targets through the Pulse Connect Secure device last October and monitored the computer systems of some U.S. defense contractors using the device until the activity was discovered in March of this year.

The Chinese embassy in the United States has denied this.

Reuters reported that Charles Carmakal, senior vice president of FireEye's Mandiant unit, said the hackers who carried out the attack through Pulse Connect Secure were extremely sophisticated. They used their access to steal account credentials and other sensitive data from victim organizations, were able to circumvent multiple elements of authentication, and could remain hidden in the infiltrated network even if the software was reset or upgraded. “These hackers are highly skilled and have deep technical knowledge of Pulse Connect Secure products,” Carmakal said.

Carmakal also said the available evidence suggests that the hackers are working with the Chinese Communist government. By reviewing the tactics, tools, infrastructure and targets used by the hackers, FireEye analysts found that many of them were consistent with the cyber intrusion techniques used by APT15, a hacking group of the Chinese Communist Party.