Lesser-known cyber espionage campaign blamed on China was much wider than expected

Richmond, Virginia — A cyber espionage campaign blamed on China is more widespread than previously known, with suspected state-backed hackers misusing a device intended to strengthen Internet security to break into computers of key U.S. entities.

The hacking of Pulse Connect Secure networking devices was revealed in April, but its scope is only beginning to become apparent. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the country’s largest water department. Earlier this month, there was news that the country’s largest subway system had also been breached.

Dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many businesses and governments for secure remote access to networks, according to security researchers.

New details on the Pulse Secure hack are emerging during a period of tension between the United States and China. President Biden has made checking China’s growth a top priority, saying China’s ambition to become the wealthiest and most powerful country in the world “doesn’t happen under my watch.”

It is unknown which sensitive information, if any, was accessed. Some targets say there was no evidence that data was stolen. That uncertainty is common in cyber espionage, and it can take months to identify data loss, if it is discovered at all. Ivanti, owner of Utah-based Pulse Connect Secure, declined to comment on the affected customers.

But even if sensitive information was not compromised, experts say they are worried that hackers were able to build a foothold in the networks of important organizations whose secrets may be of interest to China for commercial and national security reasons.

Mandiant Chief Technology Officer Charles Carmakal said his company first announced the hacking campaign in April.

The Pulse Secure hack has been largely overlooked while a series of headline-making ransomware attacks against critical US infrastructure, including those on major fuel pipelines that caused widespread shortages at gas stations, has highlighted cyber vulnerabilities. The US government is also investigating the impact of the SolarWinds hacking campaign launched by Russian cyber spies. That campaign continued through most of 2020, infiltrating dozens of private businesses, think tanks, and at least nine US government agencies.

China has a long history of spying on the United States using the Internet and presents “a prolific and effective cyber espionage threat,” the Director of National Intelligence said in its latest annual threat assessment.

Six years ago, Chinese hackers stole millions of federal employee background checks from the Human Resources Department. And last year, the Justice Department indicted two hackers it said worked with the Chinese government to target companies developing coronavirus vaccines and steal hundreds of millions of dollars worth of intellectual property and business secrets from companies around the world.

The Chinese government has denied any role in the Pulse hacking campaign, and the US government has not made a formal attribution.

In the Pulse campaign, according to security experts, sophisticated hackers exploited previously unseen vulnerabilities to break in and were very diligent about hiding their tracks after the breach.

Adrian Nish, Cyber Head of BAE Systems Applied Intelligence, said: “This is a very targeted attack on dozens of networks that have some form of national importance.”

Potential victim

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an April alert on the Pulse hack saying it was aware of compromises “affecting many U.S. government agencies, key infrastructure entities, and other private organizations.” Authorities have since stated that at least five federal agencies have identified potential signs of unauthorized access, but have not stated which ones.

Verizon said it discovered a Pulse-related breach in one of its labs, but that it was quickly quarantined from the core network. According to the company, no data or customer information was accessed or stolen.

“We know that malicious people are trying to put our system at risk,” said Rich Young, a Verizon spokesman. “That’s why Internet operators, private sectors, and all individuals need to be vigilant in this area.”

Southern California’s Metropolitan Water District, which supplies 19 million people and operates some of the world’s largest treatment plants, said it found a breached Pulse Secure appliance after CISA issued its warning in April. Spokeswoman Rebecca Kimitch said the appliance was quickly taken out of service and that no Metropolitan systems or processes were known to be affected. “There were no known data leaks,” she said.

The Metropolitan Transportation Authority in New York also said it had not found evidence that valuable data or customer information had been stolen. The breach was first reported by the .

BAE security expert Nish said the hackers could have breached networks without stealing data right away for operational reasons. He compared it to a criminal who breaks into a house but stops in the hallway.

“It’s still pretty bad,” Nish said.

Mandiant said it found signs of data exfiltration from several targets. The company and BAE have identified targets of the hacking campaign in several areas, including finance, technology, defense companies, and local governments. Some targets were in Europe, but most were in the United States.

At least one major municipality has disputed that it was a target of the Pulse Secure hack. Montgomery County, Maryland, said it had been advised by CISA that its Pulse Secure device had been attacked. However, county spokesman Scott Peterson said the county did not find evidence of compromise and said CISA had “false reports.” CISA did not respond directly to the county statement.
