AP

Suspected Chinese hackers spied on US, European targets

Apr 20, 2021, 1:58 AM | Updated: Apr 21, 2021, 10:36 am

Suspected state-backed Chinese hackers exploited widely used networking devices to spy for months on dozens of high-value government, defense industry and financial sector targets in the U.S. and Europe, according to FireEye, a prominent cybersecurity firm.

FireEye said Tuesday that it believes two hacking groups linked to China broke into several targets through Pulse Connect Secure devices, which numerous companies and governments use for secure remote access to their networks.

After FireEye released a blog post detailing its findings Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert saying it was aware of “ongoing exploitation” of Pulse Connect Secure that is “compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.” The agency did not provide additional details about which organizations were breached.

Ivanti, the Utah-based owner of Pulse Connect Secure, said a limited number of customers “experienced evidence of exploit behavior.” The company said the hackers used three known exploits and a previously unknown one.

The company says it will release a patch in early May.

Charles Carmakal, the chief technology officer at FireEye, said it is still trying to piece together details about the hack but that available evidence suggests the hackers are aligned with the Chinese government.

Carmakal, whose company discovered in December the monthslong SolarWinds hacking campaign attributed to Russian cyberspies, said the Pulse Connect Secure hack had several notable aspects: The hackers were highly skilled, were able to evade multifactor authentication and could stay hidden on a penetrated network even if software was reset or upgraded.

“Their tradecraft is really good,” he said.

Neither FireEye nor Ivanti would specify who was targeted. But Carmakal said those hacked were government agencies in both the U.S. and Europe as well as U.S-based defense companies “you would anticipate the Chinese government being interested in.”

“They’re very high-profile victims,” he said.

A spokesman for the Chinese Embassy, Liu Pengyu, said “it is irresponsible and ill-intentioned to accuse a particular party when there is no sufficient evidence around.”

The new disclosure comes at a time of heightened interest in U.S. cybersecurity defenses. U.S. officials are still grappling with the aftereffects of the SolarWinds intrusion, which struck agencies including the Treasury, Justice and Homeland Security departments.

The breach exposed vulnerabilities in the supply chain as well as weaknesses in the federal government’s own cyber defenses.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Image: A cargo ship is stuck under the part of the structure of the Francis Scott Key Bridge after ...

Associated Press

Authorities identify 2 bodies recovered at site of Baltimore bridge collapse

A major bridge in Baltimore snapped and collapsed after a container ship rammed into it early Tuesday, and several vehicles fell into the river below.

1 day ago

Photo: Mountaineer Jim Whittaker has died at 95....

Gene Johnson, The Associated Press

Lou Whittaker, among the most famous American mountaineers, has died at age 95

Lou Whittaker, a legendary American mountaineer who helped lead ascents of Mount Everest, K2 and Denali, has died at age 95.

1 day ago

File photo: Former Sen. Joe Lieberman speaks in Washington on Jan. 18, 2024....

Associated Press

Former Sen. Joe Lieberman, Democrats’ VP pick in 2000, dead at 82

Former U.S. Sen. Joe Lieberman of Connecticut, who nearly won the vice presidency on the Democratic ticket with Al Gore in 2000, has died.

1 day ago

islamic state attack...

Vanessa Gera, The Associated Press

What we know after the Islamic State group claims responsibility for Moscow massacre

The Islamic State group has claimed responsibility for an attack on a suburban Moscow concert hall that killed at least 133 people.

5 days ago

Moscow shooting...

The Associated Press

Russia: 60 dead, 145 injured in concert hall raid; Islamic State group claims responsibility

Assailants burst into a concert hall in Moscow on Friday and sprayed the crowd with gunfire, killing over 60 people, injuring more than 100.

7 days ago

Photo: Britain's Kate, Duchess of Cambridge visits 282 (East Ham) Squadron, RAF Air Cadets, Cornwel...

Associated Press

Kate Middleton announces she has cancer, is undergoing chemotherapy

Kate Middleton, Princess of Wales, says she is undergoing chemotherapy to treat cancer. She has been out of view since Christmas.

7 days ago

Suspected Chinese hackers spied on US, European targets