China-linked hackers used Pulse Secure flaw to target US defense industry – researchers

At least two groups of China-linked hackers have spent months exploiting a previously undisclosed vulnerability in US-made network devices to spy on the US defense industry, researchers and the device maker said on Tuesday.

Utah-based IT company Ivanti said in a statement that hackers took advantage of the flaw in its Pulse Connect Secure suite of virtual network devices to enter the systems of “a very limited number of customers.”

Ivanti said that although mitigations were available, a fix for the flaw would not be released until early May.

Ivanti did not provide any details about who could be responsible for the espionage campaign, but in a report accompanying the Ivanti announcement, the cybersecurity company FireEye (FEYE.O) stated that it suspects at least one of the hacking groups operates on behalf of the Chinese government.

“The other one we suspect is aligned with Chinese initiatives and collections,” Charles Carmakal of FireEye said before the report was released.

Attributing hackers to a particular country is inherently uncertain, but Carmakal said his analysts’ judgment is based on an analysis of the hackers’ tactics, tools, infrastructure and targets, many of which echoed earlier China-linked intrusions.

The Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing routinely denies hacking.

FireEye declined to name the hackers’ targets, identifying them only as “defense, government and financial organizations around the world.” It said the group suspected of working on behalf of Beijing was focusing mainly on the US defense industry.

In a statement, the cybersecurity arm of the Department of Homeland Security said it was working with Ivanti “to better understand the vulnerability of Pulse Secure VPN devices and to mitigate potential risks to federal civil and private sector networks.”

The US National Security Agency declined to comment. US officials have repeatedly accused Chinese hackers of stealing US military secrets over the years through a variety of means.

Lately, network devices, which can be difficult for companies to monitor, have emerged as a preferred entry point for digital spies.

In 2020, FireEye warned that hackers aligned with Beijing were targeting devices manufactured by Citrix (CTXS.O) and Cisco (CSCO.O) to break into a number of companies, in what it described as one of the broadest campaigns by a Chinese actor it had seen in years.

The timing of the latest series of intrusions was not spelled out, although the FireEye report said it investigated them “earlier this year.”

Carmakal added that the hackers operated from US-based digital infrastructure and borrowed their victims’ naming conventions to camouflage their activity, so as to look like any other employee connecting from home.

“We see quite advanced tradecraft,” he said.

Our standards: Thomson Reuters’ principles of trust.
