Suspected state-backed Chinese hackers spied on US, European targets: cybersecurity expert
- FireEye says two highly skilled hacking groups breached Pulse Connect Secure devices to hit government agencies and defence firms
- US Department of Homeland Security’s cybersecurity agency issues alert saying it was aware of ‘ongoing exploitation’
FireEye said it believed two hacking groups linked to China broke into several targets through Pulse Connect Secure devices, which numerous companies and governments use for secure remote access to their networks.
After FireEye released a blog post detailing its findings on Tuesday, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert saying it was aware of “ongoing exploitation” of Pulse Connect Secure that was “compromising US government agencies, critical infrastructure entities and private sector organisations”. The agency did not provide additional details about which organisations were breached.
Ivanti, the Utah-based owner of Pulse Connect Secure, said a limited number of customers “experienced evidence of exploit behaviour”. The company said the hackers had used three known exploits and a previously unknown one.
The company said it would release a patch in early May.
Charles Carmakal, the chief technology officer at FireEye, said the firm was still trying to piece together details about the hack but that available evidence suggested the hackers were aligned with the Chinese government.
“Their tradecraft is really good,” he said.
Neither FireEye nor Ivanti would specify who was targeted. But Carmakal said those hacked were government agencies in both the US and Europe as well as US-based defence companies “you would anticipate the Chinese government being interested in”.
“They’re very high-profile victims,” he said.
Chinese hackers ‘instructed by military’ blamed for hundreds of cyberattacks in Japan
A spokesman for the Chinese embassy in the US, Liu Pengyu, said “it is irresponsible and ill-intentioned to accuse a particular party when there is no sufficient evidence around”.
The new disclosure comes at a time of heightened interest in US cybersecurity defences. US officials are still grappling with the after-effects of the SolarWinds intrusion which struck agencies including the Treasury, Justice and Homeland Security departments.