Critical infrastructure hit in active espionage, IP theft hack globally
Hackers linked with foreign governments, known as advanced persistent threat (APT) actors, are using stolen administrative credentials and injecting malware into critical systems around the world, including in the U.S., the Department of Homeland Security warned Wednesday.
Why it matters: The attackers are still active, per DHS, and have affected information technology, energy, healthcare, communications, and critical manufacturing sectors. These threat actors are particularly difficult to detect since their use of stolen credentials can make them appear to be authorized users and their movement between service providers and customers’ shared networks can conceal some of their activity, per DHS.
Between the lines: DHS said today’s threat alert builds on a previous threat that has been linked with the Chinese APT group, APT10, so these hacks are likely linked with China.
What they’re saying: "DHS is not aware of any entities experiencing significant disruptions to operations and there is no significant threat to public health or safety," per a press release.