untitled design

Hackers tried to hack into several US security services, company says

Foreign hackers allegedly breached nine organizations in the defense, energy, healthcare, technology and education sectors, at least one of them in the United States, according to findings security firm Palo Alto Networks shared exclusively with CNN.

With the help of the US National Security Agency (NSA), cybersecurity researchers are exposing continued attempts by these unidentified hackers to steal sensitive data from US defense companies and other sensitive targets.

It is the kind of cyber espionage that the security agencies of the governments of Joe Biden and Donald Trump have aggressively sought to expose before there is any further damage. The purpose of making the information public is to alert other companies that might also be targeted and burn hackers’ tools in the process.

NSA and US Cyber ​​Security and Infrastructure Security Agency (Cisa) officials are tracking the threat.

In this case, hackers have stolen passwords from some organizations in order to maintain long-term access to those networks, Ryan Olson, senior executive at Palo Alto Networks, told CNN. Attackers would then be well placed to intercept sensitive data sent via email or stored on computers until it is evicted from the network.

Olson said the nine confirmed victims are the “point of the spear” of the apparent spy campaign and that he hopes more victims will show up.

It’s not clear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools share commonalities with those used by an alleged group of Chinese hackers.

The NSA and Cisa have not commented on the identity of the hackers.

recurring target

With their hoard of national security-related secrets, US defense companies are a recurring target for foreign hackers.

Cybersecurity firm Mandiant revealed earlier this year that hackers linked to China were exploiting a different software vulnerability to breach financial and public sector organizations in the United States and Europe.

Any company doing business with the Pentagon may have a lot of data in their emails about defense contracts that might be of interest to foreign spies, said Olson, who is vice president of Palo Alto Networks’ Unit 42 division.

“Together, access to this information can be really valuable,” said Olson. “Even if it’s not confidential information, even if it’s just information about how the business is doing.”

In the activity revealed by Palo Alto Networks, attackers are exploiting a vulnerability in the software companies use to manage their network passwords.

Cisa and the FBI alerted the public in September that hackers were exploiting the software flaw and prompting organizations to update their systems. Days later, hackers tracked by Palo Alto Networks scanned 370 servers in the United States alone and then began to exploit the software.

Federal authorities told the CNN that the revelation of the new hacker invasion is evidence of their work with cybersecurity companies to preempt threats.

Cisa used a new public-private advocacy program to “understand, amplify and take action in response to identified activity” in the Palo Alto Networks report, said the agency’s executive assistant director for cybersecurity, Eric Goldstein.

The disclosure of the hacking attempt shows how the NSA is “delivering real-time impact to our partners and the nation’s defense,” Morgan Adamski, director of the agency’s Cybersecurity Collaboration Center, said in a statement to CNN.

Reference: CNN Brasil

You may also like

Get the latest

Stay Informed: Get the Latest Updates and Insights

 

Most popular