WASHINGTON – Chinese hackers allegedly penetrated a company’s VPN technology to break into computer networks of the US defence industry sector, security consultant Mandiant said yesterday.
Mandiant linked at least two hacking groups, one of them believed to be an official Chinese cyber-spying operation, to malware used to exploit vulnerabilities in VPN security devices made by Pulse Secure, owned by Utah-based Ivanti.
The groups used the malware to try to hijack user and administrator identities, and enter the systems of US defence industry companies, between October last year and March this year, it said.
It added that governments and financial firms in the US and Europe are also targeted.
It called one of the hacking groups UNC2630.
“We suspect UNC2630 operates on behalf of the Chinese government and may have ties to APT5,” it said, referring to a known Chinese state-sponsored hacking group.
Mandiant said a “trusted third party” also tied the hacking to APT5.
“APT5 persistently targets high value corporate networks and often re-compromises networks over many years.
“Their primary targets appear to be aerospace and defence companies located in the US, Europe and Asia.”
Mandiant said it did not have enough information to identify who is behind some of the malware.
There is no assessment of how many companies are affected or what the hackers did with their access to the networks, it added.
Pulse confirmed the main parts of the Mandiant report, saying that it has released fixes to its products to block the malware.
Pulse said the hackers impacted “a limited number of customers”. – AFP, April 21, 2021