A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost Internet security to penetrate the computers of critical US entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear.
The hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the US’ largest water agency.
News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers said that dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It is unclear what sensitive information, if any, was accessed.
Some of the targets said that they did not see any evidence of data being stolen.
That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered.
However, even if sensitive information was not compromised, experts say that it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, head technology officer of Mandiant, whose company first publicized the hacking campaign in April.
China has a long history of using the Internet to spy on the US and presents a “prolific and effective cyberespionage threat,” the US Office of the Director of the National Intelligence said in its most recent annual threat assessment.
The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” BAE Systems Applied Intelligence head of cyber Adrian Nish said. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an April alert about the Pulse hack saying that it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities and other private sector organizations.”
The new details of the Pulse Secure hack come at a time of tension between the US and China.
US President Joe Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”
DEADLOCK: Putin has vowed to continue fighting unless Ukraine cedes more land, while talks have been paused with no immediate results expected, the Kremlin said Russia on Friday said that peace talks with Kyiv were on “pause” as Ukrainian President Volodymyr Zelenskiy warned that Russian President Vladimir Putin still wanted to capture the whole of Ukraine. Meanwhile, US President Donald Trump said that he was running out of patience with Putin, and the NATO alliance said it would bolster its eastern front after Russian drones were shot down in Polish airspace this week. The latest blow to faltering diplomacy came as Russia’s army staged major military drills with its key ally Belarus. Despite Trump forcing the warring sides to hold direct talks and hosting Putin in Alaska, there
North Korea has executed people for watching or distributing foreign television shows, including popular South Korean dramas, as part of an intensifying crackdown on personal freedoms, a UN human rights report said on Friday. Surveillance has grown more pervasive since 2014 with the help of new technologies, while punishments have become harsher — including the introduction of the death penalty for offences such as sharing foreign TV dramas, the report said. The curbs make North Korea the most restrictive country in the world, said the 14-page UN report, which was based on interviews with more than 300 witnesses and victims who had
COMFORT WOMEN CLASH: Japan has strongly rejected South Korean court rulings ordering the government to provide reparations to Korean victims of sexual slavery The Japanese government yesterday defended its stance on wartime sexual slavery and described South Korean court rulings ordering Japanese compensation as violations of international law, after UN investigators criticized Tokyo for failing to ensure truth-finding and reparations for the victims. In its own response to UN human rights rapporteurs, South Korea called on Japan to “squarely face up to our painful history” and cited how Tokyo’s refusal to comply with court orders have denied the victims payment. The statements underscored how the two Asian US allies still hold key differences on the issue, even as they pause their on-and-off disputes over historical
CONSOLIDATION: The Indonesian president has used the moment to replace figures from former president Jokowi’s tenure with loyal allies In removing Indonesia’s finance minister and U-turning on protester demands, the leader of Southeast Asia’s biggest economy is scrambling to restore public trust while seizing a chance to install loyalists after deadly riots last month, experts say. Demonstrations that were sparked by low wages, unemployment and anger over lawmakers’ lavish perks grew after footage spread of a paramilitary police vehicle running over a delivery motorcycle driver. The ensuing riots, which rights groups say left at least 10 dead and hundreds detained, were the biggest of Indonesian President Prabowo Subianto’s term, and the ex-general is now calling on the public to restore their
RSS