A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost Internet security to penetrate the computers of critical US entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear.
The hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the US’ largest water agency.
News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers said that dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It is unclear what sensitive information, if any, was accessed.
Some of the targets said that they did not see any evidence of data being stolen.
That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered.
However, even if sensitive information was not compromised, experts say that it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, head technology officer of Mandiant, whose company first publicized the hacking campaign in April.
China has a long history of using the Internet to spy on the US and presents a “prolific and effective cyberespionage threat,” the US Office of the Director of the National Intelligence said in its most recent annual threat assessment.
The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” BAE Systems Applied Intelligence head of cyber Adrian Nish said. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an April alert about the Pulse hack saying that it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities and other private sector organizations.”
The new details of the Pulse Secure hack come at a time of tension between the US and China.
US President Joe Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”
The Burmese junta has said that detained former leader Aung San Suu Kyi is “in good health,” a day after her son said he has received little information about the 80-year-old’s condition and fears she could die without him knowing. In an interview in Tokyo earlier this week, Kim Aris said he had not heard from his mother in years and believes she is being held incommunicado in the capital, Naypyidaw. Aung San Suu Kyi, a Nobel Peace Prize laureate, was detained after a 2021 military coup that ousted her elected civilian government and sparked a civil war. She is serving a
REVENGE: Trump said he had the support of the Syrian government for the strikes, which took place in response to an Islamic State attack on US soldiers last week The US launched large-scale airstrikes on more than 70 targets across Syria, the Pentagon said on Friday, fulfilling US President Donald Trump’s vow to strike back after the killing of two US soldiers. “This is not the beginning of a war — it is a declaration of vengeance,” US Secretary of Defense Pete Hegseth wrote on social media. “Today, we hunted and we killed our enemies. Lots of them. And we will continue.” The US Central Command said that fighter jets, attack helicopters and artillery targeted ISIS infrastructure and weapon sites. “All terrorists who are evil enough to attack Americans are hereby warned
Seven wild Asiatic elephants were killed and a calf was injured when a high-speed passenger train collided with a herd crossing the tracks in India’s northeastern state of Assam early yesterday, local authorities said. The train driver spotted the herd of about 100 elephants and used the emergency brakes, but the train still hit some of the animals, Indian Railways spokesman Kapinjal Kishore Sharma told reporters. Five train coaches and the engine derailed following the impact, but there were no human casualties, Sharma said. Veterinarians carried out autopsies on the dead elephants, which were to be buried later in the day. The accident site
‘EAST SHIELD’: State-run Belma said it would produce up to 6 million mines to lay along Poland’s 800km eastern border, and sell excess to nations bordering Russia and Belarus Poland has decided to start producing anti-personnel mines for the first time since the Cold War, and plans to deploy them along its eastern border and might export them to Ukraine, the deputy defense minister said. Joining a broader regional shift that has seen almost all European countries bordering Russia, with the exception of Norway, announce plans to quit the global treaty banning such weapons, Poland wants to use anti-personnel mines to beef up its borders with Belarus and Russia. “We are interested in large quantities as soon as possible,” Deputy Minister of National Defense Pawel Zalewski said. The mines would be part
RSS