Chinese hackers attacked US defense group networks

By admin

Chinese hackers went through a US virtual private network (VPN) software company to break into the computer networks of US defense companies, IT security consultant Mandiant said on Tuesday.

According to the report published by Mandiant, at least two hacker groups, one of which is believed to be close to the Chinese government, are linked to malware that exploited vulnerabilities in VPNs (systems that allow a secure connection to be established) made by Pulse Secure, a company that belongs to the Ivanti group, based in Utah in the western United States.

Hackers used the malware to attempt to steal the identities of VPN users and break into the computer systems of defense groups between October 2020 and March 2021, the report said.

Governments and financial companies in Europe and the United States have also been targeted, according to the American consultant, which refers to one of the groups as UNC2630.

“We suspect UNC2630 is operating on behalf of the Chinese government and has ties to APT5,” a hacker group known to be linked to the Beijing authorities, Mandiant’s report said.

The consultant specifies that a “reliable third party” has also linked this new hack to APT5.

“APT5 regularly targets networks of high added value groups,” he adds. “Their preferred targets seem to be companies in the aerospace and defense sector, located in the United States, Europe and Asia.”

The report does not specify how many companies were affected.

Pulse Secure confirmed most of Mandiant’s report, noting that it has already provided its customers with solutions to block the malware.

The VPN maker said the hack had affected “a limited number of customers.”