China-linked hackers used Pulse Secure flaw to attack the US defense industry – researchers

At least two groups of hackers linked to China have been using a previously undisclosed vulnerability in US network devices to spy on the US defense industry for months, researchers and the device manufacturer said Tuesday.

Utah-based IT company Ivanti said in a statement that the hackers took advantage of a flaw in its Pulse Connect Secure line of virtual private network (VPN) devices to break into the systems of “a very limited number of customers.”

Ivanti said that while mitigations were available, a patch for the flaw would not be available until early May.

Ivanti did not say who could be responsible for the espionage campaign, but in a report released alongside Ivanti’s announcement, cybersecurity firm FireEye (FEYE.O) said it suspected that at least one of the hacker groups operates on behalf of the Chinese government.

“The other one we suspect is in line with China-based initiatives and collections,” said FireEye’s Charles Carmakal ahead of the report’s publication.

Linking hackers to a specific country is fraught with uncertainty, but Carmakal said his analysts’ judgment was based on an analysis of the hackers’ tactics, tools, infrastructure and targets, many of which matched those seen in past China-linked intrusions.

The Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing routinely denies carrying out hacking operations.

FireEye declined to name the hackers’ targets, identifying them only as “defense, government and financial organizations around the world.” It said the group of hackers suspected of working on Beijing’s behalf focused mainly on the US defense industry.

In a statement, the Department of Homeland Security’s cyber division said it was working with Ivanti “to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private networks.”

The US National Security Agency declined comment. US officials have repeatedly accused Chinese hackers of stealing US military secrets in various ways over the years.

Recently, network devices – which businesses find difficult to monitor, since they typically cannot run endpoint security software – have become a popular avenue for digital spies.

In 2020, FireEye warned that Beijing-linked hackers had targeted devices manufactured by Citrix (CTXS.O) and Cisco (CSCO.O) to break into a host of companies, in what it described as one of the broadest campaigns by a Chinese actor it had seen in years.

The timing of the latest series of intrusions was not spelled out, although the FireEye report said it had investigated them “early this year.”

Carmakal added that the hackers were operating from US-based digital infrastructure and mimicking their victims’ naming conventions to disguise their activity, so that it would look like any other employee logging in from home.

“We’re seeing some pretty sophisticated tradecraft,” he said.
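The evasion Carmakal describes defeats the two checks many organisations lean on for VPN logins: the source country (the attackers are already inside US address space) and the client hostname (it follows the victim’s own convention). The following is an added example, not code from the article, Ivanti or FireEye; the log format, the hostname convention, the address-space classification and the per-user device inventory are all assumptions constructed for illustration. On a constructed log it shows both naive checks returning nothing, while classifying the source address as hosting rather than residential space, and comparing the reported hostname against the devices actually enrolled for that user, still surfaces the session.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample of VPN session records (assumption: one login per line,
# fields are timestamp, username, hostname reported by the client, source IP).
# Not taken from any real Pulse Secure log.
SAMPLE_LOG = """\
2021-03-02T08:01:11Z jsmith CORP-LT-04417 198.51.100.23
2021-03-02T08:03:40Z akhan  CORP-LT-02981 203.0.113.77
2021-03-02T02:14:05Z jsmith CORP-LT-04418 192.0.2.45
2021-03-02T09:10:59Z rlee   CORP-DT-00733 198.51.100.201
"""

# Constructed stand-in for an ASN / geolocation feed. The prefixes are the
# RFC 5737 documentation ranges; the country and category labels are assumed.
NETWORK_CLASSES = {
    "198.51.100.0/24": ("US", "residential"),
    "203.0.113.0/24": ("US", "residential"),
    "192.0.2.0/24": ("US", "hosting"),
}

# Assumed corporate hostname convention: CORP-<LT|DT>-<five digits>.
HOSTNAME_RE = re.compile(r"^CORP-(LT|DT)-\d{5}$")

# Assumed device inventory: hostnames actually enrolled for each user.
KNOWN_DEVICES = {
    "jsmith": {"CORP-LT-04417"},
    "akhan": {"CORP-LT-02981"},
    "rlee": {"CORP-DT-00733"},
}


@dataclass(frozen=True)
class Session:
    when: datetime
    user: str
    hostname: str
    src_ip: ipaddress.IPv4Address


def parse_log(text: str) -> list[Session]:
    """Parse the whitespace-separated constructed log format into Session records."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, ip = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        sessions.append(Session(when, user, host, ipaddress.ip_address(ip)))
    return sessions


def classify(ip: ipaddress.IPv4Address) -> tuple[str, str]:
    """Return (country, category) for an address using the constructed feed."""
    for cidr, label in NETWORK_CLASSES.items():
        if ip in ipaddress.ip_network(cidr):
            return label
    return ("unknown", "unknown")


def foreign_logins(sessions: list[Session]) -> list[Session]:
    """Naive check 1: flag logins from outside the US. Misses US-hosted attackers."""
    return [s for s in sessions if classify(s.src_ip)[0] != "US"]


def malformed_hostnames(sessions: list[Session]) -> list[Session]:
    """Naive check 2: flag hostnames off the convention. Misses mimicked names."""
    return [s for s in sessions if not HOSTNAME_RE.match(s.hostname)]


def suspicious_logins(sessions: list[Session]) -> list[tuple[Session, list[str]]]:
    """Checks that survive the evasion: source address category and device inventory."""
    hits = []
    for s in sessions:
        reasons = []
        _country, kind = classify(s.src_ip)
        if kind == "hosting":
            reasons.append("source address is hosting/cloud space, not a consumer ISP")
        if s.hostname not in KNOWN_DEVICES.get(s.user, set()):
            reasons.append("hostname was never enrolled for this user")
        if reasons:
            hits.append((s, reasons))
    return hits


if __name__ == "__main__":
    sessions = parse_log(SAMPLE_LOG)
    print("foreign logins:", foreign_logins(sessions))
    print("malformed hostnames:", malformed_hostnames(sessions))
    for s, reasons in suspicious_logins(sessions):
        print(f"{s.when.isoformat()} {s.user} {s.hostname} {s.src_ip}: {'; '.join(reasons)}")
```

Both naive filters return empty lists on the sample, while `suspicious_logins` isolates the 02:14 `jsmith` session with two reasons: a hosting-range source and a hostname that was never enrolled for that account. In practice the address classification would come from an ASN or threat-intelligence feed and the inventory from the MDM or VPN enrollment database; the point is that both signals are independent of where the attacker sits geographically and of how faithfully the hostname is copied.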

Our Standards: The Thomson Reuters Trust Principles.
