CCP Tied to New Hack Targeting U.S. Government and Businesses


Rebecca Falconer | Axios

The Chinese Communist Party is believed to be responsible for newly found hack attacks on the U.S. government, businesses and American infrastructure, cybersecurity company Mandiant said Wednesday.
Why it matters: This is the third major cybersecurity breach to hit the U.S. in recent months — including two in March blamed on hackers linked to China’s government: one targeting 30,000 U.S. victims, including small businesses and local governments, the other hitting Microsoft.
  • Charles Carmakal, a senior vice president of Mandiant, told NBC News Wednesday, “We’re starting to see a resurgence of espionage activity from the Chinese government.”
Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency said in a statement Tuesday that the breach was “affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations.”
Zoom in: Carmakal said in an emailed statement that Mandiant “recently responded to multiple security incidents involving the exploitation of Pulse Secure VPN appliances,” which are used by businesses for remote work.
  • “We suspect these intrusions align with data and intelligence collection objectives by China,” Carmakal added.
  • Per Carmakal, the hackers bypassed the multifactor authentication on Pulse Secure devices to access the as-yet unnamed victims’ networks, accessing these sites “for several months without being detected.”
  • “We believe that multiple cyberespionage groups are using these exploits and tools, and there are some similarities between portions of this activity and a Chinese actor we call APT5,” Carmakal said.
Of note: President Biden took office a month after cybersecurity firm SolarWinds announced it was hacked in December, in a breach that was later discovered to be part of a massive cyberattack by suspected Russian hackers on multiple government agencies and U.S. firms.

In response, the Biden administration imposed sweeping sanctions targeting the Russian economy earlier this month. Homeland Security Secretary Alejandro Mayorkas announced earlier this month a program designed to counter online attacks.

The breach affected “dozens of organizations including government agencies, financial entities, and defense companies” in the U.S. and Europe, he said.