Chinese hackers attacked US defense group networks

Chinese hackers attacked VPNs made by an American company to penetrate the digital networks of American defense companies, Computer security consultant Mandiant announced Tuesday.

The Mandiant report has linked at least two hacker groups, one of which is believed to be close to the Chinese regime, with malware exploiting VPN vulnerabilities. (systems for establishing a secure connection) manufactured by the company Pulse Secure, which belongs to the Ivanti group.

Hackers used the malware to attempt to steal the identities of VPN users and penetrate the computer systems of advocacy groups between October 2020 and March 2021, the document said.

Governments and financial companies in Europe and the United States have also been targeted, according to Mandiant, who identified one of the groups as UNC2630.

“We suspect that UNC2630 is operating on behalf of the Chinese government and may have links to APT5.A group of hackers linked to the Beijing authorities, according to the report.

He added that “a trusted third party” also linked APT5 to the hack.

“APT5 regularly attacks the networks of high added value groups “and” its privileged targets seem to be companies in the aeronautics and defense sector located in the United States, Europe and Asia ” Mandiant said, who did not specify how many businesses were affected.

Pulse Secure confirmed most of Mandiant’s report, saying it has already offered solutions to its customers to block malware.

VPN maker claimed attack hit “a limited number of customers”

Previously, similar attacks had already been recorded in the United States, by hackers, as is the case of the Microsoft company, which warned in March of this year that Chinese hackers had managed to access users’ emails.

Hackers, with the backing of Xi Jinping’s regime, have sought to steal information from fields as diverse as infectious disease research, law firms, higher education, defense contractors and NGOs .

Microsoft said that A group of “highly skilled and sophisticated” hackers, which are sponsored by a government and operate from China, are trying to steal information from various US targets., including universities, defense contractors, law firms and infectious disease researchers.

In a post on the company’s official blog, its corporate vice president for user security and trust, Tom Burt, said hackers took advantage of four previously unknown system weaknesses.

Thanks to the system crashes that the hackers managed to identify, they gained access to the server, from which they may have stolen information such as email accounts and contacts while installing malware or malware.

In the same month, a group of Chinese regime-backed hackers attacked the systems of two Indian vaccine makers whose injections of the coronavirus were used in the country’s vaccination campaign, he published. Reuters with information to which he had access since the cyber-intelligence company Cyfirma.

(With information from Europa Press and Reuters)

KEEP READING: