A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost Internet security to penetrate the computers of critical US entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear.
The hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the US’ largest water agency.
News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers said that dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It is unclear what sensitive information, if any, was accessed.
Some of the targets said that they did not see any evidence of data being stolen.
That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered.
However, even if sensitive information was not compromised, experts say that it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, head technology officer of Mandiant, whose company first publicized the hacking campaign in April.
China has a long history of using the Internet to spy on the US and presents a “prolific and effective cyberespionage threat,” the US Office of the Director of the National Intelligence said in its most recent annual threat assessment.
The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” BAE Systems Applied Intelligence head of cyber Adrian Nish said. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an April alert about the Pulse hack saying that it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities and other private sector organizations.”
The new details of the Pulse Secure hack come at a time of tension between the US and China.
US President Joe Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”
With much pomp and circumstance, Cairo is today to inaugurate the long-awaited Grand Egyptian Museum (GEM), widely presented as the crowning jewel on authorities’ efforts to overhaul the country’s vital tourism industry. With a panoramic view of the Giza pyramids plateau, the museum houses thousands of artifacts spanning more than 5,000 years of Egyptian antiquity at a whopping cost of more than US$1 billion. More than two decades in the making, the ultra-modern museum anticipates 5 million visitors annually, with never-before-seen relics on display. In the run-up to the grand opening, Egyptian media and official statements have hailed the “historic moment,” describing the
‘CHILD PORNOGRAPHY’: The doll on Shein’s Web site measure about 80cm in height, and it was holding a teddy bear in a photo published by a daily newspaper France’s anti-fraud unit on Saturday said it had reported Asian e-commerce giant Shein (希音) for selling what it described as “sex dolls with a childlike appearance.” The French Directorate General for Competition, Consumer Affairs and Fraud Control (DGCCRF) said in a statement that the “description and categorization” of the items on Shein’s Web site “make it difficult to doubt the child pornography nature of the content.” Shortly after the statement, Shein announced that the dolls in question had been withdrawn from its platform and that it had launched an internal inquiry. On its Web site, Le Parisien daily published a
‘NO WORKABLE SOLUTION’: An official said Pakistan engaged in the spirit of peace, but Kabul continued its ‘unabated support to terrorists opposed to Pakistan’ Pakistan yesterday said that negotiations for a lasting truce with Afghanistan had “failed to bring about a workable solution,” warning that it would take steps to protect its people. Pakistan and Afghanistan have been holding negotiations in Istanbul, Turkey, aimed at securing peace after the South Asian neighbors’ deadliest border clashes in years. The violence, which killed more than 70 people and wounded hundreds, erupted following explosions in Kabul on Oct. 9 that the Taliban authorities blamed on Pakistan. “Regrettably, the Afghan side gave no assurances, kept deviating from the core issue and resorted to blame game, deflection and ruses,” Pakistani Minister of
UNCERTAIN TOLLS: Images on social media showed small protests that escalated, with reports of police shooting live rounds as polling stations were targeted Tanzania yesterday was on lockdown with a communications blackout, a day after elections turned into violent chaos with unconfirmed reports of many dead. Tanzanian President Samia Suluhu Hassan had sought to solidify her position and silence criticism within her party in the virtually uncontested polls, with the main challengers either jailed or disqualified. In the run-up, rights groups condemned a “wave of terror” in the east African nation, which has seen a string of high-profile abductions that ramped up in the final days. A heavy security presence on Wednesday failed to deter hundreds protesting in economic hub Dar es Salaam and elsewhere, some
RSS