Hackers have breached organizations in defense and other sensitive sectors,


With the help of the National Security Agency, cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.

It’s the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers’ tools in the process.

Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report.

In this case, the hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.

Olson said that the nine confirmed victims are the “tip of the spear” of the apparent spying campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking group.

The NSA and CISA declined to comment on the identity of the hackers.

With their trove of national security-related secrets, US defense contractors are a recurring target for foreign hackers.

Cybersecurity firm Mandiant earlier this year revealed that China-linked hackers had been exploiting a different software vulnerability to breach defense, financial and public sector organizations in the US and Europe.

Any company doing business with the Pentagon could have a range of data in their emails about defense contracts that could be of interest to foreign spies, said Olson, who is vice president of Palo Alto Networks’ Unit 42 division.

“In aggregate, access to that information can be really valuable,” Olson said. “Even if it’s not classified information, even if it’s just information about how the business is doing.”

In the activity revealed by Palo Alto Networks, the attackers are exploiting a vulnerability in software that corporations use to manage their network passwords. CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems. Days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software.

Olson encouraged organizations that use the Zoho software to update their systems and search for signs of a breach.

Federal officials told CNN the revelation of the hacking activity is evidence of their close work with cybersecurity firms to stay on top of threats.

CISA used a nascent public-private defensive program to “understand, amplify, and drive action in response to the activity identified” in the Palo Alto Networks…


