Chinese hackers allegedly penetrated a company's VPN technology to break into computer networks of the US defense industry sector, security consultant Mandiant said Tuesday.

Mandiant linked at least two hacking groups, one of them believed to be an official Chinese cyber-spying operation, to malware used to exploit vulnerabilities in VPN security devices made by Pulse Secure, owned by Utah-based Ivanti.

The group used the malware to try to hijack user and administrator identities and enter the systems of US defense industry companies between October 2020 and March 2021, Mandiant said.

It said that governments and financial firms in the US and Europe were also targeted.

It called one of the hacking groups UNC2630.

"We suspect UNC2630 operates on behalf of the Chinese government and may have ties to APT5," it said, referring to a known Chinese state-sponsored hacking group.

It said a "trusted third party" also tied the hacking to APT5.

"APT5 persistently targets high value corporate networks and often re-compromises networks over many years. Their primary targets appear to be aerospace and defense companies located in the US, Europe, and Asia," Mandiant said.

it said it did not have enough information to identify who was behind some of the malware.

There was no assessment of how many companies were affected or what the hackers did with their access to the networks.

Pulse confirmed the main parts of the Mandiant report, saying that it had already released fixes to its products to block the malware.

Pulse said the hackers impacted "a limited number of customers."

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Tweet

Thanks for being here; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor $5 Billed Once credit card or paypal		SpaceDaily Monthly Supporter $5 Billed Monthly paypal only

Fake news attacks feature in NATO cyber war game
Tallinn (AFP) April 15, 2021
A fake news site attacking a NATO member recovering from the pandemic is part of the fictional scenario in an alliance cyber war game this week billed as the world's largest. In the exercise, non-NATO member "Crimsonia" attacks vital infrastructure such as water supplies and mobile networks on the island state of "Berylia", as well as the financial sector. Crimsonia is also engaging in information warfare, persuading the people of Berylia that their government is responsible for a series of acci ... read more