China-linked hackers used Pulse Secure flaw to target U.S. defense industry, researchers say

At least two groups of China-linked hackers have spent months using a previously undisclosed vulnerability in U.S.-made network devices to spy on the U.S. defense industry, researchers and the device manufacturer said Tuesday.

Utah-based IT company Ivanti said in a statement that hackers had exploited a vulnerability in its Pulse Connect Secure suite of virtual private network devices to break into the systems of a “very limited number of customers.”

Ivanti said that although mitigations were available, a fix for the flaw would not be released until early May.

Ivanti did not provide any details about who might be responsible for the espionage campaign, but in a report timed to coincide with Ivanti’s announcement, cybersecurity company FireEye (FEYE.O) said it suspected that at least one of the hacking groups operates on behalf of the Chinese government.

“The other one we suspect is aligned with China-based initiatives and collections,” Charles Carmakal of FireEye said ahead of the report’s release.

Attributing hacking activity to a particular country is fraught with uncertainty, but Carmakal said his analysts’ judgment was based on an analysis of the hackers’ tactics, tools, infrastructure and targets, many of which echoed previous intrusions linked to China.

The Chinese embassy in Washington did not immediately respond to a request for comment. Beijing routinely denies conducting hacking operations.

FireEye declined to name the hackers’ targets, identifying them only as “defense, government and financial organizations around the world.” It said the group suspected of working on behalf of Beijing focused especially on the U.S. defense industry.

In a statement, the cybersecurity arm of the Department of Homeland Security said it was working with Ivanti “to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private sector networks.”

The U.S. National Security Agency declined to comment. U.S. officials have repeatedly accused Chinese hackers of stealing U.S. military secrets over the years through various means.

In recent years, network devices, which can be difficult for companies to monitor, have emerged as a preferred route for digital spies.

In 2020, FireEye warned that Beijing-aligned hackers were targeting devices manufactured by Citrix (CTXS.O) and Cisco (CSCO.O) to break into a number of companies, in what it described as one of the broadest campaigns by a Chinese actor it had seen in years.

The timing of the latest series of intrusions was not made explicit, although the FireEye report said it had been investigating them “earlier this year.”

Carmakal added that the hackers operated from U.S.-based digital infrastructure and adopted their victims’ naming conventions to camouflage their activity, so that they looked like any other employee logging in from home.

“We’re seeing quite advanced tradecraft,” he said.

Our Standards: The Thomson Reuters Trust Principles.
