#1
01-10-2025, 06:03 AM
бывалый
Join Date: May 2022
Posts: 0

A recently released study confirms that nine international organizations were compromised by a hacking group with potential ties to China as part of an ongoing espionage campaign primarily targeting the defense sector. Experts said that China's strategy for this intrusion was to "cast a wide net" and attack the servers used by the target institutions and the software downloaded without directly attacking the targets, so that the target institutions were unknowingly "trapped".
Cybersecurity firm Palo Alto Networks released a report over the weekend saying the cyberattacks were part of a broader global campaign that targeted at least 370 organizations in the U.S. alone using potentially vulnerable Zoho servers and successfully compromised at least one server.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned the public in September that hackers were exploiting software flaws on Zoho servers and urged users to update their systems. A few days later, hackers tracked by Palo Alto Networks had attacked 370 organizations in the United States alone and then began using the software to steal information.
Palo Alto Networks noted in its report that the organizations that were breached were in the fields of defense, education, energy, healthcare, and technology. The report said these cyber attacks focused on servers used by companies that cooperate with the Department of Defense, using methods and tools consistent with the practices of the Chinese hacker group "Emissary Panda".
CNN first reported the report. Ryan Olson, senior director at Palo Alto Networks, told CNN that in this case, hackers stole passwords from some target organizations with the goal of maintaining long-term access to those networks, and the intruders could then successfully intercept emails or sensitive data stored on computer systems.
A 2015 report by cybersecurity firm SecureWorks suggested that China may be behind Panda Messenger because Panda Messenger is most active during Chinese workdays (noon to 5 p.m. Chinese time), the hackers use Baidu as a search engine, some attack tools use Chinese, and the group has launched attacks on Uyghurs.
Olson believes that nine victim organizations have been identified and more compromised organizations are expected to be discovered.
Nicholas Eftimiades, a retired senior U.S. intelligence official and expert on Chinese intelligence affairs, said that China used new tactics in this attack. He said that the methods used by China are usually the type of offensive espionage used by intelligence services only against foreign governments or other intelligence services, and China is using these methods around the world to attack companies and harm commercial interests, and companies completely lack the ability to defend against such attacks.
He told VOA: "The attack techniques we are seeing coming from China are not attacking companies directly, but attacking the servers and downloaded software systems used by target companies. Through these relatively new tactics, they are spreading a larger network, targeting companies less precisely and casting a wider net to involve more companies and government agencies, then cherry-picking the information they need."
Palo Alto Networks did not name any of the groups that were attacked, but said the company was sharing information in an effort to increase awareness of the threat and patch vulnerabilities exploited by the hackers.
U.S. defense contractors possess a wealth of national security-related secrets and are therefore often targeted by foreign hackers.
Cybersecurity firm Mandiant revealed in April that China-linked hackers have been exploiting a separate software vulnerability to disrupt the defense, financial and public sectors in the United States and Europe.
Federal officials told CNN that the revelations about the hacking campaign were evidence of their close collaboration with cybersecurity firms to combat the threat.
But Eftimiades believes that the top priority for the United States is to formulate policies and strengthen cooperation with allies.
"What governments are not doing, especially the U.S. government, is developing deterrence policies to deter these types of attacks, reduce losses, and develop global alliances to respond to these types of attacks," he told VOA.
The Biden administration last month announced plans to create a cyberspace and digital policy bureau and appoint a new special envoy to oversee critical and emerging technologies to counter hackers, a plan that awaits congressional approval.
 
