China-linked hackers use Pulse Secure bug to target US defense industry, researchers say

At least two groups of hackers linked to China have been using a previously unknown vulnerability in U.S. networking devices for months to spy on the U.S. defense industry, researchers and the maker of the device said Tuesday.

Utah-based IT company Ivanti said in a statement that the hackers took advantage of the flaw in its Pulse Connect Secure range of virtual private network devices to hack into a very limited number of customers.

Ivanti said that although mitigations were in place, a fix for the problem would not be available until early May.

Ivanti did not provide details about who was responsible for the espionage campaign, but in a report accompanying Ivanti's announcement, cybersecurity company FireEye (FEYE.O) said it suspected that at least one of the hacking groups works on behalf of the Chinese government.

“The other one we suspect is in line with China-based initiatives and collections,” FireEye's Charles Carmakal said before the report was released.

Attributing hackers to a specific country involves uncertainty, but Carmakal said the judgment of his analysts was based on an analysis of the hackers’ tactics, tools, infrastructure and targets, many of which reflected intrusions linked to China.

The Chinese embassy in Washington did not immediately respond to a request for comment. Beijing regularly denies hacking allegations.

FireEye declined to name the hackers’ targets, identifying them only as “defense, government and financial organizations around the world.” The group of hackers suspected of working for Beijing is said to be particularly focused on the US defense industry.

In a statement, the cyber arm of the Department of Homeland Security said it was working with Ivanti “to better understand the vulnerability in Pulse Secure VPN devices and reduce potential risks to federal civil and private networks.”

The U.S. National Security Agency declined to comment. U.S. officials have repeatedly accused Chinese hackers over the years of stealing U.S. military secrets in various ways.

Recently, networking devices, which can be difficult for businesses to monitor, have emerged as a popular avenue for digital spies.

In 2020, FireEye warned that hackers linked to Beijing were targeting devices manufactured by Citrix (CTXS.O) and Cisco (CSCO.O) to hack into a number of companies in what it described as one of the broadest campaigns by a Chinese actor seen in years.

The timing of the latest series of hacks has not been made explicit, although FireEye’s report says they were being investigated “early this year.”

Carmakal added that the hackers took advantage of US digital infrastructure and borrowed the naming conventions of their victims to camouflage their activities so that they would look like any other employee logging in from home.

“We see fairly advanced trades,” he said.

Our Standards: The Thomson Reuters Trust Principles.
