| Welcome to Global Village Space

Sunday, November 17, 2024

Chinese hackers break security barriers to access US defense

Chinese hackers are allegedly trying to gain access of US defense firms to steal military technology information. US security experts say they are backed by China. Chinese hackers are most feared in the world.

Chinese hackers allegedly penetrated a company’s VPN technology to break into computer networks of the US defense industry sector, security consultant Mandiant said Tuesday.

Mandiant linked at least two hacking groups, one of them believed to be an official Chinese cyber-spying operation, to malware used to exploit vulnerabilities in VPN security devices made by Pulse Secure, owned by Utah-based Ivanti.

The group used the malware to try to hijack user and administrator identities and enter the systems of US defense industry companies between October 2020 and March 2021, Mandiant said.

Read more: US announces charges against Chinese, Malaysian hackers

It said that governments and financial firms in the US and Europe were also targeted. It called one of the hacking groups UNC2630.

“We suspect UNC2630 operates on behalf of the Chinese government and may have ties to APT5,” it said, referring to a known Chinese state-sponsored hacking group.

It said a “trusted third party” also tied the hacking to APT5.

“APT5 persistently targets high value corporate networks and often re-compromises networks over many years. Their primary targets appear to be aerospace and defense companies located in the US, Europe, and Asia,” Mandiant said.

https://twitter.com/FireEye/status/1384539899680993283

It said it did not have enough information to identify who was behind some of the malware.

There was no assessment of how many companies were affected or what the hackers did with their access to the networks.

Pulse confirmed the main parts of the Mandiant report, saying that it had already released fixes to its products to block the malware.

Read more: US charges 3 North Korean hackers for cyber hacks

Pulse said the hackers impacted “a limited number of customers.”

AFP with additional input by GVS News Desk