Free Republic
General/Chat

China-Linked Hackers Used VPN Flaw to Target US Defense Industry: Researchers
Reuters via Epoch Times | 04/21/2021

Posted on 04/21/2021 5:33:31 PM PDT by SeekAndFind

WASHINGTON—At least two groups of China-linked hackers have spent months using a previously undisclosed vulnerability in virtual private networking devices to spy on the U.S. defense industry, researchers and the devices’ manufacturer said.

Utah-based IT company Ivanti said in a statement on April 20 the hackers took advantage of the flaw in its Pulse Connect Secure suite to break into the systems of “a very limited number of customers.”

Ivanti said that while mitigations are in place, a fix for the issue would be unavailable until early May.

Ivanti provided no details about who might be responsible for the espionage campaign but, in a report timed to Ivanti’s announcement, cybersecurity company FireEye Inc. said it suspects that at least one of the hacking groups operates on behalf of the Chinese government.

“The other one we suspect is aligned with China-based initiatives and collections,” said Charles Carmakal, a senior vice president of Mandiant, an arm of FireEye, ahead of the report’s release.

While tying hackers to a specific country is fraught with uncertainty, Carmakal said his analysts’ judgment was based on a review of the hackers’ tactics, tools, infrastructure, and targets—many of which echoed past China-linked intrusions.

Chinese Embassy spokesperson Liu Pengyu says China “firmly opposes and cracks down on all forms of cyberattacks,” while describing FireEye’s allegations as “irresponsible and ill-intentioned.”

FireEye declined to identify the hackers’ targets, identifying them only as “defense, government, and financial organizations around the world.” It said the group of hackers suspected of working on Beijing’s behalf were particularly focused on the U.S. defense industry.

In a statement, the cyber arm of the Department of Homeland Security said it was working with Ivanti “to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private sector networks.”

(Excerpt) Read more at theepochtimes.com ...


KEYWORDS: china; cyberattacks; defense; hacking

1 posted on 04/21/2021 5:33:31 PM PDT by SeekAndFind

Flaw or invitation?


2 posted on 04/21/2021 5:35:25 PM PDT by Gene Eric (Don't be a statist!)

To: SeekAndFind

Much of the problem is the IT guys constantly wanting a new box, a new vendor.

Cisco is proven and the most secure.

And when a problem arises they can have a patch ready in 24 hrs, with an army onsite to fix it.

Why that is not more highly valued is beyond me.


3 posted on 04/21/2021 5:38:55 PM PDT by Mariner (War Criminal #18)

To: Mariner

Blame the business for penny pinching most of the time.


4 posted on 04/21/2021 5:49:06 PM PDT by miliantnutcase

To: ShadowAce; dayglored; Whenifhow; null and void; aragorn; EnigmaticAnomaly; kalee; Kale; ...

p


5 posted on 04/21/2021 6:03:30 PM PDT by bitt (People who wonder if the glass is half empty or half full miss the point. The glass is refillable.)

To: SeekAndFind; rdb3; JosephW; martin_fierro; Still Thinking; zeugma; Vinnie; ironman; Egon; raybbr; ..

6 posted on 04/21/2021 6:06:38 PM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )

To: SeekAndFind
https://redmondmag.com/articles/2021/04/21/pulse-connect-critical-vulnerability.aspx

All your data are belong to China.

7 posted on 04/21/2021 6:21:29 PM PDT by TChad (The MSM, having nuked its own credibility, is now bombing the rubble.)

To: Mariner

I thought Cisco was tied to China years ago...


8 posted on 04/21/2021 6:25:37 PM PDT by Bikkuri (If you're conservative, you're an "extremist." If you're liberal, you're an "activist.")

To: Bikkuri

no.


9 posted on 04/21/2021 6:26:11 PM PDT by Mariner (War Criminal #18)

To: SeekAndFind

I am a retired sysadmin who worked primarily on US Army networks, managing servers remotely. I never had any issues, I believe, because the older guard were competent sysadmins. I would do simple things, like create a fake root account that could only access parts of hard drives which contained misinformation. Typically, my root accounts were usernamed “guest” or some variation thereof. No access was allowed into my servers unless it came from specific IP addresses, and no access was allowed unless the IP address matched the MAC address. All traffic was encrypted with pre-shared keys that were changed each day. A honey pot was always used on the network segment, as were various intrusion detection hardware devices. There were certain systems which needed better security, and these were maintained in an RF-proof room, disconnected from the external world. All of our software was written “in-house,” and there were no opportunities for vulnerabilities to be introduced, either accidentally or deliberately, as any software that was written was passed around among a very brilliant group of coders who tried to hack it.

We had issues with the Chinese, but we kept them at bay, and understood the malevolent intentions that China has towards the US. DoD recruited the best and brightest, and none were anything but born and raised American. Since we have opened admission to our best CS schools to anyone from any country, they now have some of the best and brightest minds working to gain access. What did Academia think would happen by allowing 85% of their IT students to be Chinese?


10 posted on 04/21/2021 6:50:52 PM PDT by krogers58

To: SeekAndFind

can we blow them up now?

can we blow them up now?

can we blow them up now?


11 posted on 04/21/2021 6:52:18 PM PDT by Pollard ( )

To: Mariner

Much of the problem is the IT guys constantly wanting a new box, a new vendor.

It’s not just that, it’s also the fact that Cisco licensing is now so obfuscated it should be classified as fiction.


12 posted on 04/21/2021 6:54:18 PM PDT by ro_dreaming ("XX = female; XY = male. Who's the science deniers now?" - Me)

To: ro_dreaming

enterprise license is the way to go.

and an account they can debit at will lol


13 posted on 04/21/2021 7:16:21 PM PDT by Mariner (War Criminal #18)

To: Mariner

Oh, I know the enterprise license is the way to go in most cases, because you honestly never know what the client will want/need a year from now.

But, yes, that is going to cost $$


14 posted on 04/21/2021 8:52:52 PM PDT by ro_dreaming ("XX = female; XY = male. Who's the science deniers now?" - Me)

To: krogers58

All traffic was encrypted with pre-shared keys, that were changed each day


Once that system is broken, all the rest falls into line to be hacked, like when we broke the Russians’ 5-day pads.


15 posted on 04/22/2021 4:25:23 AM PDT by PIF (They came for me and mine ... now its your turn)
