A US cyber security firm says a hacking group possibly linked to China has breached nine global organizations, including at least one in the United States.
The report from Palo Alto Networks of Santa Clara, Calif. said that malicious actors were actively stealing passwords from targeted organizations with the goal of maintaining long-term access.
The report said that from September 22 to early October, hackers compromised at least nine entities in sectors such as technology, defence, health care, energy and education. The report does not name any of the victims; one of the organizations is in the United States.
Ryan Olson, vice president of threat intelligence at Palo Alto Networks, said that “any company that does business with the Pentagon may have a variety of data in their emails about defense contracts that may be of interest to foreign spies.”
Nicholas Eftimides, an assistant teaching professor at Penn State University and a former CIA intelligence officer, told VOA Mandarin that the tactics used in these attacks usually work against foreign governments. In this case, the hacking group used tactics against business interests on a global scale.
If these attacks had not been detected, the threat group would have gained access to thousands of companies and would have been able to spy on those companies, Eftimides said.
The report was released on the Palo Alto Networks website on November 7. The Chinese Ministry of State Security did not respond to VOA’s request for comment.
Olson told CNN, which first reported the breach, that “overall, having access to that information can be really valuable,” adding, “even if it’s not classified information, there is information about how it does business.”
Palo Alto Networks said it traced two programs that were used, Godzilla and NGlite.
Both include instructions in Chinese “and are publicly available for download on GitHub,” the firm’s report said. GitHub is used by millions of developers and companies around the world for many things, including sharing computer code.
The cybersecurity firm said the tactics used in the attacks are similar to those used by Emissary Panda, a Chinese threat group that has been active since 2010.
According to cyber security firm TeamPassword.com, the group has been active in the Middle East and has attacked US defense contractors in the past.
Olson told Newsweek that “we see an overlap with Emissary Panda/APT27 based on the equipment and techniques used in this campaign.” But he also emphasized that the firm has not yet conclusively held any threat group responsible for the attacks.
Palo Alto Networks did not disclose the names of any of the organizations affected by the attacks, but said the company was sharing the information to raise awareness of the threat and to help fix the vulnerabilities exploited by the hackers.
The firm is working with the Cybersecurity and Infrastructure Security Agency (CISA), the US federal agency responsible for strengthening cybersecurity and communications infrastructure.
Eric Goldstein, executive assistant director of cybersecurity at CISA, told VOA Mandarin via email that CISA was “working with Palo Alto Networks to understand, enhance and take action in response to the activity identified in this report.” The agency is working with the private sector through a joint cyber defense collaborative programme.
Eftimides, the retired intelligence officer, said private companies are generally not equipped to deal with this type of threat.
He said that governments around the world, especially the US government, should develop a deterrent policy to reduce or prevent such attacks and develop a global coalition to respond to such attacks.
The Wall Street Journal reported last month that the US State Department is set to create a new Bureau of Cybersecurity and Digital Policy and a special envoy for critical and emerging technology, to better address cybersecurity challenges.