Chinese hackers used a previously undisclosed vulnerability in American networking devices to spy on the U.S. defense industry
Early last year, four Chinese military spies were charged with hacking the credit bureau Equifax. The breach affected more than 145 million Americans with the hackers successfully stealing names, Social Security numbers, and other personal information stored in the company’s databases.
Now, a little over a year later, while Americans are still talking about the coronavirus, the Chinese government, through various hacking groups, is busy spying on the U.S. defense industry and collecting intelligence to give it a competitive advantage.
According to a new report, at least two groups of Chinese hackers have spent months using a previously undisclosed vulnerability in Pulse Secure's networking devices to spy on the U.S. defense industry, researchers from Utah-based cybersecurity firm Ivanti said Tuesday.
In a blog post on its website, the company wrote:
“The Pulse Secure team recently discovered that a limited number of customers have experienced evidence of exploit behavior on their Pulse Connect Secure (PCS) appliances. We are sharing information about the investigation and our actions through several communications channels in the best interests of our customers and the greater security community.”
Utah-based IT company Ivanti said in a statement that the hackers took advantage of the flaw in its Pulse Connect Secure suite of virtual private networking devices to break into the systems of “a very limited number of customers.”
“There is a new issue, discovered this month, that impacted a very limited number of customers. The team worked quickly to provide mitigations directly to the limited number of impacted customers that remediates the risk to their system.”
Ivanti said it will be releasing a software update in early May. Meanwhile, Ivanti did not provide any details about the affected customers or who might be responsible for the espionage campaign. However, in another report timed to Ivanti’s announcement, cybersecurity company FireEye said it suspected that at least one of the hacking groups operates on behalf of the Chinese government.
“The other one we suspect is aligned with China-based initiatives and collections,” FireEye’s Charles Carmakal said ahead of the report’s release. FireEye identified the hackers' targets as “defense, government, and financial organizations around the world.” It said the group of hackers suspected of working on Beijing’s behalf was particularly focused on the U.S. defense industry.
Meanwhile, Reuters reported earlier today that the cyber arm of the Department of Homeland Security said it was working with Ivanti “to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private sector networks.”