Hackers breached defense organizations and other sensitive industries, security firm says
With help from the National Security Agency, cybersecurity researchers are exposing ongoing efforts by unidentified hackers to steal key data from U.S. defense contractors and other sensitive targets.
Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. An NSA division tasked with mitigating foreign cyber threats against the US defense industrial base contributed to the analysis of the Palo Alto Networks report.
In this case, the hackers stole the passwords of some targeted organizations in an attempt to maintain long-term access to these networks, Ryan Olson, a senior executive at Palo Alto Networks, told CNN. The intruders could then be in a good position to intercept sensitive data sent by email or stored on computer systems until they are kicked off the network.
Olson said the nine confirmed victims are the “tip of the spear” of the apparent spy campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking group.
The NSA and CISA declined to comment on the identity of the hackers.
With their treasure trove of national security secrets, US defense contractors are a recurring target for foreign hackers.
Cyber security firm Mandiant revealed earlier this year that hackers linked to China exploited a different software vulnerability to breach defense, financial and public sector organizations in the United States and Europe.
Any company doing business with the Pentagon might have a slew of defense contract data in their emails that might be of interest to foreign spies, said Olson, vice president of Unit 42 at Palo Alto Networks.
“Overall, access to this information can be very valuable,” Olson said. “Even if it is not classified information, even if it is only information about the operation of the business.”
In the activity revealed by Palo Alto Networks, attackers exploited a vulnerability in software that organizations use to manage their network passwords. CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems. A few days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the United States alone and then began exploiting the software.
Olson encouraged organizations using Zoho software to update their systems and look for signs of a breach.
Federal officials told CNN that the revelation of hacking activity was proof of their close collaboration with cybersecurity companies to stay on top of threats.
CISA used a nascent public-private defensive agenda to “understand, amplify and lead actions in response to the activity identified” in the Palo Alto Networks report, said Eric Goldstein, CISA executive deputy director for cybersecurity.
The disclosure of the hacking campaign shows how the NSA “is having a real-time impact on our partners and the defense of the nation,” Morgan Adamski, director of the agency’s Cybersecurity Collaboration Center, said in a statement to CNN.