+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Suspected Chinese agents have been hacking US government agencies by exploiting a weakness in a VPN for months, report says

Apr 21, 2021, 15:53 IST
Business Insider
A VPN logo seen on a smartphone. Not related to this story.Omar Marques/SOPA Images/LightRocket via Getty Images
  • The FireEye cybersecurity firm said Tuesday that Pulse Secure VPN had been compromised since June 2020.
  • Researchers said "defense, government, and financial organizations around the world" were affected.
  • FireEye said it suspects the Chinese government-linked UNC2630 hacking group was behind it.
Advertisement

Hackers with suspected ties to the Chinese government have been targeting US and international government departments, defense agencies, and financial institutions for months, researchers said Tuesday.

The cybersecurity firm FireEye reported that a VPN product from Pulse Secure had been compromised. CNN reported that the Pulse Secure VPN is widely used.

The hack began in June 2020 or earlier, the US Cybersecurity and Infrastructure Security Agency (CISA), an arm of the Department of Homeland Security, said in a Tuesday statement.

The VPN was used by "defense, government, and financial organizations around the world," FireEye said, without specifying further.

A US official told The Washington Post that the Department of Defense was not compromised.

Advertisement

FireEye said it believed that a hacking group known as UNC2630, which has links to the Chinese government, was behind the intrusion.

"We suspect UNC2630 operates on behalf of the Chinese government and may have ties to APT5," the authors said, referring to the APT5 hacking group that FireEye has previously linked to the Chinese government.

Charles Carmakal, FireEye's senior vice president, told Computer Weekly that UNC2630's primary goals were to maintain "long-term access to networks, collecting credentials, and stealing proprietary data."

The hackers were able to breach the Pulse Secure VPN product due to old vulnerabilities that were recently patched, FireEye said.

"We suspect some intrusions were due to the exploitation of previously disclosed Pulse Secure vulnerabilities from 2019 and 2020," the researchers wrote.

Advertisement

FireEye said UNC2630 deployed seven new malware tools to breach the product.

Pulse Secure also said in a Tuesday blog post that it was working to solve the issue in conjunction with CISA.

"The team has been working proactively with leading forensic experts and industry groups, including Mandiant/FireEye, CISA, and Stroz Friedberg, among others, to investigate and respond to the exploit behavior," the company said.

On Tuesday, the UK government's National Cyber Security Centre also published a statement about the hack, and urged any domestic customers to implement a workaround published by Pulse Secure immediately. The NCSC did not say whether any UK government agencies or private organizations had been affected by the hack.

The US regularly accuses China of trying to steal state secrets, accusations that officials in Beijing have denied.

Advertisement

Last month, White House warned that China was behind the recent hack of Microsoft's Exchange email product and, last July, the US accused Chinese hackers of trying to steal information related to Moderna's COVID-19 vaccines.

In 2017, the Justice Department concluded that Chinese hackers had stolen the personal information of 145 million Americans after accessing the Equifax credit reporting agency.

Pulse Secure products have been targeted by suspected Chinese hackers before.

In September 2019, ZDNet reported that VPN servers run by Fortinet and Pulse Secure were being targeted by the APT5 hacking group.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article