Hackers attempted to steal user identities and penetrate the systems of Washington officials between October 2020 and March 2021
Chinese hackers targeted VPNs made by a US company to penetrate the digital networks of US defense firms, IT security consultant Mandiant announced on Tuesday.
The Mandiant report covers at least two groups of hackers, one of which is believed to be close to the Chinese government and linked to malicious software that exploited vulnerabilities in the VPNs (systems that allow you to establish a secure connection) manufactured by Pulse Secure, which belongs to the Ivanti group.
Hackers used the malware to steal VPN users' identities and penetrate the computer systems of advocacy groups between October 2020 and March 2021, the document said.
Governments and financial companies in Europe and the United States were also targeted, according to Mandiant, which identified one of the groups under the name UNC2630.
"We suspect that UNC2630 operates on behalf of the Chinese government and may have ties to APT5," a hacking group linked to the Beijing authorities, according to the report.
It added that "a trusted third party" also linked APT5 to the hack.
Mandiant, which did not specify how many companies were affected, said that APT5 constantly attacks the networks of high-value groups and that its preferred targets appear to be aeronautics and defense companies based in the United States, Europe, and Asia.
Pulse Secure confirmed most of Mandiant's report, saying it has already offered its customers solutions to block malicious software.
The VPN manufacturer claimed that the attack had affected "a limited number of customers."
Similar attacks by hackers had previously been recorded in the United States. One such case involved Microsoft, which warned in March of this year that Chinese hackers had managed to gain access to users' emails.
With support from the Xi Jinping regime, the hackers sought to steal information in fields as diverse as infectious disease research, law firms, higher education, defense contractors, and NGOs.
Microsoft said a highly experienced and advanced group of hackers, sponsored by the government and operating outside China, was trying to steal information from various US targets, including universities, defense contractors, legislatures, and infectious disease researchers.
In a post on the company's official blog, Tom Burt, its corporate vice president for security and consumer confidence, hinted that hackers had taken advantage of four previously unknown system vulnerabilities.
The hackers gained access to the server through flaws they had identified in the system, which could allow them to steal information such as email accounts and contacts and, at the same time, install elements of malicious software, or malware.
That same month, a group of hackers backed by the Chinese regime attacked the systems of two Indian vaccine manufacturers whose coronavirus shots were used in the country's immunization campaign, Reuters reported, citing information from the cyber-intelligence company Cyfirma.