Tuesday, November 5, 2024

Chinese hackers attacked the networks of an American defense group


Cole Hanson

Mandiant, an IT security consultancy, said Tuesday that Chinese hackers penetrated the computer networks of US defense companies through a US maker of virtual private network (VPN) software.


According to the report published by Mandiant, at least two groups of hackers, one of which is believed to be close to the Chinese government, are linked to malware that exploited vulnerabilities in VPNs (the systems that allow establishing a secure connection) from Pulse Secure, which belongs to the Ivanti group, based in Utah, a western state of the United States.

The report said that hackers used malware in an attempt to steal the identities of VPN users and penetrate the computer systems of advocacy groups between October 2020 and March 2021.

Governments and financial companies in Europe and the United States have also been targeted, according to the US consultancy, which refers to one of the groups as UNC2630.

“We suspect that UNC2630 is acting on behalf of the Chinese government and has ties to APT5,” a hacker group known to be associated with Beijing authorities, the Mandiant report said.

The consultancy specifies that a “trusted third party” has also linked this new hacking to APT5.

“APT5 regularly targets high value-added group networks,” it adds. “It appears that their preferred targets are companies in the aviation and defense sectors located in the United States, Europe and Asia.”

The report does not specify how many companies were affected.

Pulse Secure confirmed most of Mandiant’s report, stating that it has already provided its customers with solutions to prevent malware.


The VPN maker said the breach affected “a limited number of customers”.
