June 15, 2021

Pulse Secure cyberattack affected critical US targets – report

By Elles Houweling

A cyberespionage campaign blamed on Chinese state-backed entities was more sweeping than previously known, with hackers exploiting a device meant to boost internet security in order to penetrate the computers of critical US entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press reported that the telecommunications giant Verizon was among the targets. According to the Los Angeles Times, the Metropolitan Water District of Southern California was also targeted.

Earlier this month, news broke that the New York City subway system was breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, a virtual private network (VPN) provider used by many companies and governments for secure remote access to their networks.

Per the Associated Press report, it is unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage, and it can take months to determine data loss, if it is ever discovered at all.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organisations whose secrets could be of interest to China for commercial and national security reasons.

What happened previously

In April, Reuters reported that at least two groups of hackers with links to China had spent months using an undisclosed vulnerability in American networking devices to spy on the US defence industry, researchers and the device maker said.

Ivanti, the IT company behind the Pulse Secure VPN, said at the time that hackers took advantage of a flaw in the service to break into the systems of “a very limited number of customers.”

In an analysis, cybersecurity company FireEye said it suspected that at least one of the hackers operated on behalf of the Chinese government. “The other one we suspect is aligned with China-based initiatives and collections,” FireEye’s Charles Carmakal told Reuters.

In 2020, FireEye warned that Beijing-aligned hackers were targeting devices manufactured by Citrix and Cisco to break into a host of companies in what it described as one of the broadest campaigns by a Chinese actor that it had seen in years.

Carmakal added that the hackers were operating from US digital infrastructure and borrowing the naming conventions of their victims to camouflage their activity so they would look like any other employee logging in from home.

Recently, a series of headline-grabbing ransomware attacks has highlighted the cyber vulnerabilities of US government entities and private businesses alike. These include the Colonial Pipeline hack, which forced a five-day closure of the line that carries 45% of the East Coast’s fuel supply.

The US government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyberspies, which affected 18,000 organisations globally.