The United States is once again the victim of a cyberattack by groups linked to a state.
Chinese hackers have hacked into a US bypass software (VPN) company into the computer networks of US defense companies, IT security consultant Mandiant said on Tuesday.
According to the report published by Mandiant, at least two hacker groups, one of which is believed to be close to the Chinese government, are linked to the malware that exploited the VPN vulnerabilities of Pulse Secure, which belongs to the Ivanti group, based in Utah, state of western United States.
Hackers used the malware to attempt to steal the identities of VPN users and break into the computer systems of advocacy groups between October 2020 and March 2021, the report said.
Europe also targeted
Governments and financial companies in Europe and the United States have also been targeted, according to the American consultant, who refers to one of the groups as UNC2630.
"We suspect UNC2630 is operating on behalf of the Chinese government and having ties to APT5," a hacker group known to be linked to the Beijing authorities, the Mandiant report said.
The consultant specifies that a "reliable third party" has also linked this new piracy to APT5.
“APT5 regularly targets networks of high added value groups,” he adds.
"Their preferred targets seem to be companies in the aeronautics and defense sector, located in the United States, Europe and Asia."
The report does not specify how many companies were affected.
Pulse Secure confirmed most of Mandiant's report, noting that it has already provided its customers with solutions to block the malware.
The VPN manufacturer, however, assured that the hacking had affected "a limited number of customers".
A foundation managing 13 health clinics victim of massive hacking
More malware is invading Discord and Slack