Monday, June 1, 2026

U.S. cybersecurity firm links hacking campaign to Chinese cyber espionage group


A U.S. cybersecurity company said that a hacker group has breached at least nine global organizations in technology, defense, energy, and other key sectors as part of an apparent espionage campaign.

Network security company Palo Alto Networks said in a report released on Sunday that in the United States alone, hundreds of organizations were targeted by the hackers as part of espionage activity carried out from the end of September to the beginning of October.

It said that the hacker group had compromised "at least nine global entities across the technology, defense, healthcare, energy, and education industries."

"Through global telemetry, we believe that the actor targeted at least 370 Zoho [software] … only in the United States," Palo Alto Networks said in its report. "Given the size, we assess that these scans were largely indiscriminate, because the targets range from education to Department of Defense entities."

The report stated that the hacker group was able to compromise these entities by exploiting vulnerabilities in a self-service password-management product, Zoho's ManageEngine ADSelfService Plus.

Palo Alto Networks noted: "Ultimately, the attackers are interested in stealing credentials, maintaining access, and collecting sensitive files from the victim's network for exfiltration."

The cybersecurity company pointed out that although attribution is still in progress, the specific tools and methods used in the apparent hacking activity are consistent with those used by the Chinese cyber espionage group Emissary Panda, also known as TG-3390, APT27 and Bronze Union.

"Specifically, as SecureWorks recorded in an article about a previous TG-3390 operation, we can see that TG-3390 similarly used a web exploit and another popular Chinese webshell called ChinaChopper as its initial foothold, and then used legitimate stolen credentials to move laterally and attack the domain controller," Palo Alto Networks explained in its report.

"Although the webshell and exploits are different, once the attacker is inside the environment, we noticed that some of their exfiltration tools overlap."

Emissary Panda, which has been linked to the Chinese government, has been active since at least 2010. It has previously targeted global entities, including U.S. defense contractors and European drone manufacturers, and has also launched attacks in Asia and the Middle East.

Palo Alto Networks has been contacted for further comment.

Last month, CrowdStrike, a U.S. cybersecurity company, said that a hacker group suspected of having ties to China had breached systems holding global call records and text messages. The company said the group, known as LightBasin or UNC1945, has been active since at least 2016.

Photo caption: A member of the hacker organization Red Hacker Alliance uses a website to monitor global cyberattacks at its office in Dongguan, Guangdong Province, southern China, on August 4, 2020. Network security company Palo Alto Networks said on November 7, 2021 that the tools and methods used in recent hacking activity appear similar to those used by the Chinese cyber espionage group Emissary Panda.
Nicholas Asfouri/AFP/Getty Images
