Nov 8, 2021 - Technology

Apparent spy campaign targeting defense and other sectors uncovered

  In this file photo taken on August 4, 2020, a member of the Red Hacker Alliance monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province.

A member of the Red Hacker Alliance group in Dongguan in China's southern Guangdong province. Photo: Nicolas Asfouri/AFP via Getty Images

Foreign hackers are suspected of compromising organizations in the technology, defense, healthcare, energy and education industries in the U.S. and other countries, cybersecurity firm Palo Alto Networks said late Sunday.

Why it matters: The National Security Agency contributed to Palo Alto Networks' report amid ongoing efforts to crack down on hackers who've been trying to steal critical data from targets including U.S. defense contractors, notes CNN, which first reported the breach.

What they found: "Through global telemetry, we believe that the actor targeted at least 370 Zoho [software] ... in the United States alone," Palo Alto Networks said in a blog post late Sunday of the attack that it said began Sept. 17 and continued through early October.

  • "Given the scale, we assess that these scans were largely indiscriminate in nature as targets ranged from education to Department of Defense entities," the post added.
  • Hackers gained access via a vulnerability in software used to manage network passwords.
"Ultimately, the actor was interested in stealing credentials, maintaining access and gathering sensitive files from victim networks for exfiltration."
— Excerpt from Palo Alto Network's report

Of note: Cybersecurity company Mandiant found evidence linking the ruling Chinese Communist Party to hack attacks on the U.S. government, businesses and American infrastructure earlier this year.

  • The NSA and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are working to combat such threats, CNN notes.

What they're saying: Eric Goldstein, executive assistant director for cybersecurity at CISA, said in an emailed statement that CISA worked with Palo Alto Network via the Joint Cyber Defense Collaborative (JCDC) to "understand, amplify, and drive action in response to the activity identified in this report."

  • "This partnership reflects the value of the JCDC, in which government and the private sector work together to gain visibility and reduce risks that no organization can achieve alone," Goldstein added.
  • Morgan Adamski, director of the NSA's Cybersecurity Collaboration Center, said in an emailed statement that the agency is "delivering real-time impact to our partners and the defense of the nation."
  • Wendi Whitmore, senior vice president of Palo Alto Networks Unit 42, said in an emailed statement that the research "underscores the importance of rapid patch management, real time threat intelligence sharing, and the ability to rapidly detect new threat activity within environments."
  • Whitmore urged organizations that use Zoho software to immediately address any vulnerabilities before resetting passwords.

What to watch: The Biden administration announced last month plans to create a bureau of cyberspace and digital policy and a new envoy to oversee critical and emerging technology in response to the hack attacks, pending congressional approval.

Editor's note: This story has been updated with Eric Goldstein's and Morgan Adamski's statement.

Go deeper