Posted on 04/21/2021 5:33:31 PM PDT by SeekAndFind
WASHINGTON—At least two groups of China-linked hackers have spent months using a previously undisclosed vulnerability in virtual private networking devices to spy on the U.S. defense industry, researchers and the devices’ manufacturer said.
Utah-based IT company Ivanti said in a statement on April 20 the hackers took advantage of the flaw in its Pulse Connect Secure suite to break into the systems of “a very limited number of customers.”
Ivanti said that while mitigations are in place, a fix for the issue would be unavailable until early May.
Ivanti provided no details about who might be responsible for the espionage campaign but, in a report timed to Ivanti’s announcement, cybersecurity company FireEye Inc. said it suspects that at least one of the hacking groups operates on behalf of the Chinese government.
“The other one we suspect is aligned with China-based initiatives and collections,” said Charles Carmakal, a senior vice president of Mandiant, an arm of FireEye, ahead of the report’s release.
While tying hackers to a specific country is fraught with uncertainty, Carmakal said his analysts’ judgment was based on a review of the hackers’ tactics, tools, infrastructure, and targets—many of which echoed past China-linked intrusions.
Chinese Embassy spokesperson Liu Pengyu says China “firmly opposes and cracks down on all forms of cyberattacks,” while describing FireEye’s allegations as “irresponsible and ill-intentioned.”
FireEye declined to identify the hackers’ targets, describing them only as “defense, government, and financial organizations around the world.” It said the group of hackers suspected of working on Beijing’s behalf was particularly focused on the U.S. defense industry.
In a statement, the cyber arm of the Department of Homeland Security said it was working with Ivanti “to better understand the vulnerability in Pulse Secure VPN devices and mitigate potential risks to federal civilian and private sector networks.”
(Excerpt) Read more at theepochtimes.com ...
Flaw or invitation?
Much of the problem is the IT guys constantly wanting a new box, a new vendor.
Cisco is proven and the most secure.
And when a problem arises they can have a patch ready in 24hrs, with an army onsite to fix it.
Why that is not more highly valued is beyond me.
Blame the business for penny pinching most of the time.
p
All your data are belong to China.
I thought Cisco was tied to China years ago...
no.
I am a retired sysadmin, who worked, primarily on US Army networks, managing servers, remotely. I never had any issues, I believe, because the older guard were competent sysadmins. I would do simple things, like create a fake root account, that could only access parts of hard drives which contained misinformation. Typically, my root accounts were usernamed: “guest” or some variation thereof. No access was allowed into my servers, unless it came from specific IP addresses, no access was allowed unless the IP address matched the MAC address. All traffic was encrypted with pre-shared keys, that were changed each day. A honey pot was always used on the network segment, as were various intrusion detection hardware devices. There were certain systems which needed better security, and these were maintained in an RF proof room, disconnected from the external world. All of our software was written “in-house” and there were no opportunities for vulnerabilities to be introduced, either accidentally, or deliberately, as any software that was written, was passed around among a very brilliant group of coders, who tried to hack it.
We had issues with the Chinese, but we kept them at bay, and understood the malevolent intentions that China has towards the US. DoD recruited the best and brightest, and none were anything but born and raised American. Since we have opened admission to our best CS schools to anyone from any country, they now have some of the best and brightest minds working to gain access. What did Academia think would happen by allowing 85% of their IT students to be Chinese?
can we blow them up now?
Much of the problem is the IT guys constantly wanting a new box, a new vendor.
It’s not just that, it’s also the fact that Cisco licensing is now so obfuscated it should be classified as fiction.
enterprise license is the way to go.
and an account they can debit at will lol
Oh, I know the enterprise license is the way to go in most cases, because you honestly never know what the client will want/need a year from now.
But, yes, that is going to cost $$
All traffic was encrypted with pre-shared keys, that were changed each day
—
Once that system is broken all the rest falls into line to be hacked, like when we broke the Russians 5 day pads.