Date: 2021-04-22



China is behind a series of recently uncovered hacks against key targets in the U.S. government, private companies and critical infrastructure nationwide, cybersecurity firm Mandiant said on Wednesday.

The hack works by breaking into Pulse Secure, a program that companies often use to allow workers to remotely log into their offices. The company announced on Tuesday how users can check if they are affected, but said the software update intended to prevent the risk to users will not be released until May.

The campaign is the third distinct and harsh cyberespionage operation against the United States made public in recent months, focusing on an already strained cybersecurity workforce. The U.S. government accused Russia in January of hacking nine government agencies through SolarWinds, a Texas software company widely used by U.S. businesses and government agencies. In March, Microsoft blamed China for launching a free-for-all program where numerous hackers broke into organizations around the world through the Microsoft Exchange email program.

In all three campaigns, hackers first used these programs to hack victims’ computer networks, then created backdoors to spy on them for months or more.

The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said Tuesday night in a warning that the latest hacking campaign “is currently affecting U.S. government agencies, critical infrastructure entities, and other private industry organizations.”

CISA activated its strictest emergency powers on Tuesday evening, forcing every civilian government agency to scan to see if it was affected by the hack and take action to address it. Although it has historically been rare for the agency to do so, this is the second time in seven weeks that it has issued an emergency directive, after the Exchange hack.

“In recent months we’ve been posting them more and more frequently, which is definitely a concern and something we don’t take lightly,” said Matt Hartman, deputy executive deputy director of cybersecurity for the agency.

“At CISA, we are very concerned,” he said.

Unlike the hacks on SolarWinds and Exchange, both of which have had at least tens of thousands of potential victims, there is little indication that China has used Pulse to hack large numbers of targets. But the hack is particularly significant because it gave China access to several federal agencies and major U.S. corporations for months, said Charles Carmakal, chief technology officer of Mandiant.

“We are starting to see an upsurge in espionage activity by the Chinese government,” he said.

None of the victims has yet been made public, although that will likely change, Carmakal said.

“In the weeks and months to come, we will have a better idea of the importance of this agreement from a national security point of view,” he said.

As with the Exchange hack, China has deflected but has not denied its responsibility. In an emailed statement, a spokesman for the Chinese Embassy in the United States, Liu Pengyu, said China is “a strong advocate of cybersecurity” and “strongly opposes and suppresses all forms of cyber attacks.”

