Apr 22, 2021 - Technology

China's government tied to new hack attacks targeting U.S. government

Prince, a member of the hacking group using a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province in 2020
A member of the hacking group Red Hacker Alliance monitoring global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. Photo: Nicolas Sfouri/AFP via Getty Images

The Chinese Communist Party is believed to be responsible for newly found hack attacks on the U.S. government, businesses and American infrastructure, cybersecurity company Mandiant said Wednesday.

Why it matters: This is the third major cybersecurity breach to hit the U.S. in recent months — including two in March blamed on hackers linked to China's government: one targeting 30,000 U.S. victims, including small businesses and local governments, the other hitting Microsoft.

  • Charles Carmakal, a senior vice president of Mandiant, told NBC News Wednesday, "We're starting to see a resurgence of espionage activity from the Chinese government."

Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency said in a statement Tuesday that the breach was "affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations."

Zoom in: Carmakal said in an emailed statement that Mandiant "recently responded to multiple security incidents involving the exploitation of Pulse Secure VPN appliances," which is used by businesses for remote work.

  • The breach affected "dozens of organizations including government agencies, financial entities, and defense companies" in the U.S. and Europe, he said.
  • "We suspect these intrusions align with data and intelligence collection objectives by China," Carmakal added.
  • Per Carmakal, the hackers bypassed the multifactor authentication on Pulse Secure devices to access the as-yet unnamed victims' networks, accessing these sites "for several months without being detected."
"We believe that multiple cyber espionage groups are using these exploits and tools, and there are some similarities between portions of this activity and a Chinese actor we call APT5. "
— Carmakal

Of note: President Biden took office a month after cybersecurity firm SolarWinds announced it was hacked in December, in a breach that was later discovered to be part of a massive cyberattack by suspected Russian hackers on multiple government agencies and U.S. firms.

Go deeper