A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost Internet security to penetrate the computers of critical US entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear.
The hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the US’ largest water agency.
News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers said that dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It is unclear what sensitive information, if any, was accessed.
Some of the targets said that they did not see any evidence of data being stolen.
That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered.
However, even if sensitive information was not compromised, experts say that it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, head technology officer of Mandiant, whose company first publicized the hacking campaign in April.
China has a long history of using the Internet to spy on the US and presents a “prolific and effective cyberespionage threat,” the US Office of the Director of the National Intelligence said in its most recent annual threat assessment.
The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” BAE Systems Applied Intelligence head of cyber Adrian Nish said. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an April alert about the Pulse hack saying that it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities and other private sector organizations.”
The new details of the Pulse Secure hack come at a time of tension between the US and China.
US President Joe Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”
FRUSTRATIONS: One in seven youths in China and Indonesia are unemployed, and many in the region are stuck in low-productivity jobs, the World Bank said Young people across Asia are struggling to find good jobs, with many stuck in low-productivity work that the World Bank said could strain social stability as frustrations fuel a global wave of youth-led protests. The bank highlighted a persistent gap between younger and more experienced workers across several Asian economies in a regional economic update released yesterday, noting that one in seven young people in China and Indonesia are unemployed. The share of people now vulnerable to falling into poverty is now larger than the middle class in most countries, it said. “The employment rate is generally high, but the young struggle to
ENERGY SHIFT: A report by Ember suggests it is possible for the world to wean off polluting sources of power, such as coal and gas, even as demand for electricity surges Worldwide solar and wind power generation has outpaced electricity demand this year, and for the first time on record, renewable energies combined generated more power than coal, a new analysis said. Global solar generation grew by a record 31 percent in the first half of the year, while wind generation grew 7.7 percent, according to the report by the energy think tank Ember, which was released after midnight yesterday. Solar and wind generation combined grew by more than 400 terawatt hours, which was more than the increase in overall global demand during the same period, it said. The findings suggest it is
TICKING CLOCK: A path to a budget agreement was still possible, the president’s office said, as a debate on reversing an increase of the pension age carries on French President Emmanuel Macron yesterday was racing to find a new prime minister within a two-day deadline after the resignation of outgoing French Prime Minister Sebastien Lecornu tipped the country deeper into political crisis. The presidency late on Wednesday said that Macron would name a new prime minister within 48 hours, indicating that the appointment would come by this evening at the latest. Lecornu told French television in an interview that he expected a new prime minister to be named — rather than early legislative elections or Macron’s resignation — to resolve the crisis. The developments were the latest twists in three tumultuous
IN THE AIR: With no compromise on the budget in sight, more air traffic controllers are calling in sick, which has led to an estimated 13,000 flight delays, the FAA said Concerns over flight delays and missed paychecks due to the US government shutdown escalated on Wednesday, as senators rejected yet another bid to end the standoff. Democrats voted for a sixth time to block a Republican stopgap funding measure to reopen government departments, keeping much of the federal workforce home or working without pay. With the shutdown in its eighth day, lines at airports were expected to grow amid increased absenteeism among security and safety staff at some of the country’s busiest hubs. Air traffic controllers — seen as “essential” public servants — are kept at work during government shutdowns, but higher numbers
RSS