Mandiant, an IT security consultancy, said Tuesday that Chinese hackers have exploited software from a US virtual private network (VPN) company to penetrate the computer networks of US defense companies.
According to the report published by Mandiant, at least two groups of hackers, one of which is believed to be close to the Chinese government, are linked to malware that has exploited vulnerabilities in VPNs (systems that allow a secure connection to be established) from Pulse Secure, which belongs to the Ivanti group, based in Utah, in the western United States.
The report said that hackers used malware in an attempt to steal the identities of VPN users and penetrate the computer systems of advocacy groups between October 2020 and March 2021.
Governments and financial companies in Europe and the United States have also been targeted, according to the US consultancy, which refers to one of the groups as UNC2630.
“We suspect that UNC2630 is acting on behalf of the Chinese government and has ties to APT5,” the Mandiant report said, referring to a hacker group known to be associated with Beijing authorities.
The consultancy specifies that a “trusted third party” has also linked this new hacking to APT5.
“APT5 regularly targets high value-added group networks,” the report adds. “It appears that their preferred targets are companies in the aviation and defense sectors located in the United States, Europe and Asia.”
The report does not specify how many companies were affected.
Pulse Secure confirmed most of Mandiant’s report, stating that it has already provided its customers with solutions to prevent malware.
The VPN maker said the breach affected “a limited number of customers”.