



According to FireEye, a major cybersecurity firm, alleged state-backed Chinese hackers exploited widely used network devices to spy for months on dozens of high-value targets from the government, the defense industry and the financial sector in the United States and Europe.

FireEye said on Tuesday it believed two China-linked hacking groups penetrated multiple targets through Pulse Connect Secure devices, which many businesses and governments use for secure remote access to their networks.

After FireEye published a blog post detailing its findings on Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert saying it was aware of the ongoing exploitation of “Pulse Connect Secure which compromises US government agencies, critical infrastructure entities and the private sector.” The agency did not provide additional details on which organizations were the subject of a breach.

Ivanti, the owner of Utah-based Pulse Connect Secure, said a limited number of customers have seen evidence of exploitative behavior. The company said the hackers used three known exploits and one hitherto unknown exploit.

The company says it will release a patch in early May.

Charles Carmakal, chief technology officer at FireEye, said he’s still trying to piece together details about the hack, but available evidence suggests the hackers are aligned with the Chinese government.

Carmakal, whose company discovered in December the month-long SolarWinds hack campaign attributed to Russian cyberspies, said the Pulse Connect Secure hack had several notable aspects: the hackers were highly skilled, were able to evade multifactor authentication and could remain hidden on a penetrated network even if the software was reset or upgraded.

Their craftsmanship is really good, he said.

Neither FireEye nor Ivanti said who was targeted. But Carmakal said the people hacked were government agencies in the United States and Europe, as well as United States-based defense companies that the Chinese government would be interested in.

They are high profile victims, he said.

A spokesperson for the Chinese embassy, Liu Pengyu, said it was irresponsible and ill-intentioned to accuse a particular party when there was insufficient evidence.

The new disclosure comes at a time of heightened interest in US cybersecurity defenses. U.S. officials continue to grapple with the aftermath of the SolarWinds intrusion, which hit agencies such as the Treasury, Justice, and Homeland Security departments.

The breach revealed vulnerabilities in the supply chain as well as weaknesses in the federal government’s cyber defenses.

