Chinese hackers attack U.S. defense group networks, says company
Digital security consultancy Mandiant identified at least two groups of attackers who exploited a vulnerability in a virtual private network (VPN).
Chinese hackers attacked VPNs (virtual private networks) created by an American company and tried to break into networks of defense companies in the country, according to digital security consultancy Mandiant.
The company published a report last Tuesday (20) linking at least two groups of hackers, one of which is considered close to the Chinese government, to malicious software that exploited vulnerabilities in VPNs.
The targeted network software is made by Pulse Secure, which belongs to the Ivanti group.
Hackers used malware (malicious software) to try to steal the identities of VPN users and break into defense group systems between October 2020 and March 2021, the document said.
Governments and financial companies in Europe and the United States were also targeted, according to Mandiant, which identified one of the groups under the name UNC2630.
“We suspect that UNC2630 is operating on behalf of the Chinese government and may have links to APT5,” a group of hackers linked to Beijing authorities, according to the report.
The report added that “a trusted third party” also linked APT5 to the attack.
“APT5 regularly attacks networks of high-value groups” and “its preferred targets appear to be aerospace and defense companies located in the United States, Europe and Asia,” said Mandiant, which did not specify how many companies were affected.
Pulse Secure confirmed most of Mandiant’s report, saying it has already offered its customers solutions to block malicious software.
The VPN manufacturer said the attack affected “a limited number of customers”.