The suspected Chinese cyberespionage campaign was more sweeping than formerly known, with alleged state-backed hackers manipulating a device meant to boost internet security to penetrate the computers of critical United States entities. Moreover, the Pulse Connect Secure networking devices hack to light in April, but the scope of the hack is just now beginning to become clear.
The cyber hackers targeted Verizon and the most significant water agency in the country. Earlier this month, news broke that the hackers breached the subway system of New York City, the largest in the country. According to the security researchers, dozens of other high-value entities that are still not named were also targeted as part of the cyberattack of Pulse Secure, which governments and several companies used for secure remote access to their networks.
It is not clear what sensitive information, if any, accessed. Whereas some of the targets said, they didn’t see any sign of information that stolen. That ambiguity is common in cyberespionage, and it can take some months to find out data loss if it ever discovered. The Utah-based owner of Pulse Connect Secure, Ivanti, denied commenting on which customers affected.
However, even if sensitive data was not compromised, according to experts, it is worrying that cyber hackers managed to gain footholds in networks of sensitive firms whose secrets could of interest to China for national and commercial security concerns. Moreover, the CTO of Mandiant, Charles Carmakal, said that the threat actors could take access to some really prestigious firms.
U.S. Government is Investigating the Fallout of the SolarWinds Hacking Campaign
The Pulse Secure hack went unseen while several headline-grabbing ransomware attacks highlighted the cyber susceptibilities to the critical American infrastructure, such as one of the main fuels pipeline that driven broad shortages at gas stations. Still, the United States government is investigating the consequence of the Russian cyber criminals’ SolarWinds hacking campaign.
Furthermore, the hacking disturbed several private sector companies, think tanks, and also almost nine United States government agencies. The Office of the Director of the National Intelligence (ODNI) stated in its most recent yearly threat assessment that China has a long history of using the internet for spying against the United States and presents a high-volume and effective cyber-espionage threat.
Around six years back, Chinese hackers stole a huge number of background check files of federal administration employees by accessing them from the U.S. Office of Personnel Management (OPM). Similarly, in 2020, the Department of Justice charged two cyber hackers that, according to it, worked with the Chinese government to target drug companies developing vaccines for the COVID-19 and also stole intellectual property having worth hundreds of millions of dollars and trade secrets from firms globally.
Chinese Government Denied Role in the Hacking Campaign
The government of China declined any contribution to the Pulse hacking campaign, and the United States government has no formal acknowledgment. Security experts said that in the Pulse hacking campaign, sophisticated cyber hackers oppressed never-before-seen susceptibilities to break in.
The director of cyber at BAE Systems Applied Intelligence, Dr. Adrian Nish, said that the chance is very solid and hard to defend against, and the profile of victims is very significant. Further, he added that the attack targeted some networks that have national significance directly or indirectly.
Cybersecurity & Infrastructure Security Agency (CISA) issued an alert in April regarding Pulse hacking, saying that it was aware of the compromises affecting several American government agencies, private sector organizations, and critical infrastructure entities. Since then, the agency said that around five federal agencies of the country identified signs of possible illegal access but did not clarify which ones.