Suspected Chinese hackers spied on US, European targets
A prominent cybersecurity firm says suspected state-backed Chinese hackers exploited widely used networking devices to spy for months on dozens of high-value government, defense industry and financial sector targets in the U.S. and Europe
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Suspected state-backed Chinese hackers exploited widely used networking devices to spy for months on dozens of high-value government, defense industry and financial sector targets in the U.S. and Europe, according to FireEye a prominent cybersecurity firm.
FireEye said Tuesday that it believes two hacking groups linked to China broke into several targets through Pulse Connect Secure devices, which numerous companies and governments use for secure remote access to their networks.
After FireEye released a blog post detailing its findings Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert saying it was aware of “ongoing exploitation" of Pulse Connect Secure that is “compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.” The agency did not provide additional details about which organizations were breached.
Ivanti, the Utah-based owner of Pulse Connect Secure, said a limited number of customers “experienced evidence of exploit behavior." The company said the hackers used three known exploits and a previously unknown one.
The company says it will release a patch in early May.
Charles Carmakal, the chief technology officer at FireEye, said it is still trying to piece together details about the hack but that available evidence suggests the hackers are aligned with the Chinese government.
Carmakal, whose company discovered in December the monthslong SolarWinds hacking campaign attributed to Russian cyberspies, said the Pulse Connect Secure hack had several notable aspects: The hackers were highly skilled, were able to evade multifactor authentication and could stay hidden on a penetrated network even if software was reset or upgraded.
“Their tradecraft is really good,” he said.
Neither FireEye nor Ivanti would specify who was targeted. But Carmakal said those hacked were government agencies in both the U.S. and Europe as well as U.S-based defense companies “you would anticipate the Chinese government being interested in.”
“They're very high-profile victims,” he said.
The Chinese Embassy did not immediately return a request for comment.
The new disclosure comes at a time of heightened interest in U.S. cybersecurity defenses. U.S. officials are still grappling with the aftereffects of the SolarWinds intrusion, which struck agencies including the Treasury, Justice and Homeland Security departments.
The breach exposed vulnerabilities in the supply chain as well as weaknesses in the federal government’s own cyber defenses.