Governments and financial organizations around the world have been targeted by an espionage campaign allegedly linked to Chinese state-sponsored actors.
Earlier this week, American cybersecurity firm Ivanti acknowledged a flaw in its Pulse Connect Secure VPN devices that had allowed bad actors to move into the systems of “a very limited number of customers”.
At the moment, there are no patches for the Pulse Connect Secure suite flaw, but mitigations have been put in place. The company expects a patch to be released next month.
The flaw has been active for “months”, it was said, and a separate report from experts at FireEye suggests two distinct groups have been using it to eavesdrop on western businesses and government entities.
FireEye also said at least one of the groups “operates on behalf of the Chinese government”, but did not reveal the identity of the attackers or the victims.
"The other one we suspect is aligned with China-based initiatives and collections," said Charles Carmakal, SVP at Mandiant, FireEye’s cybersecurity arm.
Similar attack pattern
China has denied all allegations, with the country’s US embassy claiming it "firmly opposes and cracks down on all forms of cyber attacks". Officials described FireEye's insinuations as "irresponsible and ill-intentioned."
FireEye, on the other hand, has based its conclusions on the tactics, tools, infrastructure and targets, all of which were strikingly similar to previous attacks linked to China.
The Department of Homeland Security was brief in its statement, saying it is working with Ivanti "to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private sector networks".
Further details are scarce, but Carmakal did add that the attackers were working from American infrastructure, borrowing the naming conventions of their victims to help them hide in plain sight.
Via: Reuters