Chinese hackers breach critical agencies, firms
Sophisticated Chinese government hackers are believed to have compromised dozens of US government agencies, defence contractors, financial institutions and other critical sectors, according to a private cybersecurity firm working with the federal government.
Security company FireEye said the intrusions were ongoing, and were the latest in a series of disturbing compromises of government agencies and private companies.
The investigation was in its early stages but already had turned up evidence that the intruders breached sensitive defence companies, FireEye said. This was not the case with the previous Russian Solar Winds campaign, which compromised nine federal agencies but not the Pentagon or its contractors.
The Defence Department was not known to have been compromised in the current campaign, but the investigation was still ongoing, said one US official who spoke on the condition of anonymity.
The hacking group involved was ‘‘very advanced’’ in its steps to evade detection, said Charles Carmakal, chief technology officer of Mandiant, a division of
FireEye. The campaign was targeted, focusing on high-value victims with information of value to the Chinese government, he said.
‘‘This looks like classic Chinabased espionage,’’ Carmakal said. ‘‘There was theft of intellectual property, project data. We suspect there was data theft that occurred that we won’t ever know about.’’
The Chinese group, sometimes known as APT5, had previously targeted defence contractors, telecommunications companies and other critical sectors, he said.
FireEye had also detected a second group involved in the hacking operation but could not tell whether it was based in China or had government links, Carmakal said.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and FireEye said the flaws were in Pulse Secure virtual private network servers that enabled employees to remotely access their company networks.
CISA said the hacks began last June or earlier. FireEye first detected the private sector intrusions earlier this year and notified the government ‘‘a few weeks ago’’, Carmakal said.
At least a dozen US government agencies have or recently had contracts for the popular software, according to a Washington Post review.