A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost Internet security to penetrate the computers of critical US entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear.
The hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the US’ largest water agency.
News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers said that dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It is unclear what sensitive information, if any, was accessed.
Some of the targets said that they did not see any evidence of data being stolen.
That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered.
However, even if sensitive information was not compromised, experts say that it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, head technology officer of Mandiant, whose company first publicized the hacking campaign in April.
China has a long history of using the Internet to spy on the US and presents a “prolific and effective cyberespionage threat,” the US Office of the Director of the National Intelligence said in its most recent annual threat assessment.
The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” BAE Systems Applied Intelligence head of cyber Adrian Nish said. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an April alert about the Pulse hack saying that it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities and other private sector organizations.”
The new details of the Pulse Secure hack come at a time of tension between the US and China.
US President Joe Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”
Indonesia and Malaysia have become the first countries to block Grok, the artificial intelligence (AI) chatbot developed by Elon Musk’s xAI, after authorities said it was being misused to generate sexually explicit and nonconsensual images. The moves reflect growing global concern over generative AI tools that can produce realistic images, sound and text, while existing safeguards fail to prevent their abuse. The Grok chatbot, which is accessed through Musk’s social media platform X, has been criticized for generating manipulated images, including depictions of women in bikinis or sexually explicit poses, as well as images involving children. Regulators in the two Southeast Asian
COMMUNIST ALIGNMENT: To Lam wants to combine party chief and state presidency roles, with the decision resting on the election of 200 new party delegates next week Communist Party of Vietnam General Secretary To Lam is seeking to combine his party role with the state presidency, officials said, in a move that would align Vietnam’s political structure more closely to China’s, where President Xi Jinping (習近平) heads the party and state. Next week about 1,600 delegates are to gather in Hanoi to commence a week-long communist party congress, held every five years to select new leaders and set policy goals for the single-party state. Lam, 68, bade for both top positions at a party meeting last month, seeking initial party approval ahead of the congress, three people briefed by
The Chinese Embassy in Manila yesterday said it has filed a diplomatic protest against a Philippine Coast Guard spokesman over a social media post that included cartoonish images of Chinese President Xi Jinping (習近平). Philippine Coast Guard spokesman Jay Tarriela and an embassy official had been trading barbs since last week over issues concerning the disputed South China Sea. The crucial waterway, which Beijing claims historic rights to despite an international ruling that its assertion has no legal basis, has been the site of repeated clashes between Chinese and Philippine vessels. Tarriela’s Facebook post on Wednesday included a photo of him giving a
ICE DISPUTE: The Trump administration has sought to paint Good as a ‘domestic terrorist,’ insisting that the agent who fatally shot her was acting in self-defense Thousands of demonstrators chanting the name of the woman killed by a US federal agent in Minneapolis, Minnesota, took to the city’s streets on Saturday, amid widespread anger at use of force in the immigration crackdown of US President Donald Trump. Organizers said more than 1,000 events were planned across the US under the slogan “ICE, Out for Good” — referring to the US Immigration and Customs Enforcement, which is drawing growing opposition over its execution of Trump’s effort at mass deportations. The slogan is also a reference to Renee Good, the 37-year-old mother shot dead on Wednesday in her
RSS