Chinese Hackers Targeting U.S. Defense Industry With Pulse Secure 0-Day Flaw
This year has already seen several major cybersecurity incidents, such as the Microsoft Exchange compromises, spanning numerous industries and government organizations. The defense industry now appears to be the target of at least two China-linked hacking groups exploiting Pulse Secure VPN appliances sold by IT company Ivanti.
Phil Richard, CSO at Pulse Secure, posted a security update today reporting that the company had been made aware of a new vulnerability in Pulse Connect Secure appliances. The company is working with security firm FireEye, among others, to investigate and respond to exploitation of the vulnerable appliances.
At the same time, FireEye released a report on the incident and its findings so far. FireEye is currently tracking 12 separate malware families that exploit older vulnerabilities dating back to 2019 as well as a new zero-day discovered this year. The report notes that while researchers found malware samples at victim organizations internationally, one specific family was used to target U.S. Defense Industrial Base networks.
Though the investigation is at an early stage, the malware family used against U.S. DIB networks is suspected to originate from China, and the group behind it is believed to operate on behalf of the Chinese government, with possible ties to APT5. A trusted third party working with FireEye uncovered evidence linking the new activity to historic APT5 campaigns, though FireEye itself is not willing or able to make the same connection.
Whatever the attribution turns out to be, organizations running Pulse Secure appliances should apply the latest patches and begin internal investigations, including forensic analysis of the appliances, rather than assume they were untouched. More broadly, every organization should operate on the assumption that it is under attack and stay on alert.