A huge Chinese espionage effort against US and European government agencies, according to security firm FireEye, comprises four new hacking tools and spans more business sectors than previously revealed. In hacks affecting the transportation and telecommunications industries, two China-linked gangs, as well as other hackers whom investigators did not name, have exploited virtual private network (VPN) software.
Intruders are breaking into networks and stealing important data through Pulse Connect Secure, a widely used VPN product. Many of the compromised organizations, according to Mandiant, FireEye’s incident response arm, “work in verticals and industries aligned with Beijing’s strategic objectives” outlined in the Chinese government’s most recent “Five Year Plan” for economic growth.
The majority of the breaches, according to Sarah Jones, senior principal analyst at Mandiant Threat Intelligence, were carried out by a group named UNC2630, which appears to act on behalf of the Chinese government. The accused Chinese hackers are also using four additional pieces of malware to collect data and hide their trails.
“Chinese cyber-espionage activity has exhibited a greater tolerance for risk and is less constrained by diplomatic considerations than previously characterized,” Mandiant analysts wrote in a blog post released Thursday.
In a separate incident, Microsoft said in March that suspected Chinese spies had used flaws in its Exchange Server software to capture the email inboxes of American businesses. The attacks were immoral, according to several researchers, because the malicious code left on victims’ computers may have been exploited by a variety of financially motivated criminals.
A spokeswoman for the Chinese Embassy in Washington, D.C. did not immediately respond to a request for comment on Mandiant’s findings on Thursday. Beijing has denied carrying out cyberattacks on numerous occasions. Responding to the alleged Chinese attacks, as well as a suspected Russian operation that used SolarWinds software, has taken US officials a long time. At least 24 government agencies employ Pulse Connect Secure, with some national-security-focused research laboratories openly publicizing their usage of the software.
The Pulse Connect Secure assault, according to a spokesman for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), may have affected at least five civilian agencies. As Mandiant prepared to expose the operation last month, the security firm says, the alleged Chinese spies wiped traces of many of their attacks in some of the Pulse Connect intrusions.
“Chinese policymakers’ increased ambition and risk tolerance since 2019 suggests that the pace of Chinese state-sponsored activity may pick up in the near future and that the Chinese cyber threat apparatus poses a renewed and serious threat to U.S. and European commercial entities,” Mandiant analysts warned.
E Hacking News