Suspected foreign hackers have hacked nine businesses in the defense, energy, health care, technology, and education sectors – at least one of which is in the United States, according to information shared by security firm Palo Alto Networks.
It is the same sort of cyber espionage that security agencies had previously worked hard to expose before it caused serious harm. The purpose of making the information public is to alert other companies that may be targeted.
The National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity have revealed an ongoing attempt by these unidentified hackers to steal sensitive data from US defense contractors and other targets. The Palo Alto Networks report included analysis from the NSA division in charge of combating foreign cyber threats to the US defense industrial base.
According to a Palo Alto Networks report, the hackers targeted at least 370 organizations in the United States alone using vulnerable Zoho servers, with at least one of them being successfully hacked. The report did not identify any of the organizations targeted, but it stated that it was sharing the information to raise awareness about the threat.
However, according to Ryan Olson, a senior Palo Alto Networks executive, the nine confirmed victims are only the “tip of the spear” of the evident spying campaign. He expects more victims to come to the fore. According to Palo Alto Networks, the attackers’ tactics and tools are similar to those used by a suspected Chinese hacking group. The Chinese threat group is known as “Emissary Panda,” according to the report.
The attacks began in mid-September and continued until the end of October. CISA, the US Coast Guard, and the FBI issued an alert before the attack, warning that hackers were actively exploiting the vulnerability on Zoho Manage Engine.
“Ultimately, the actor was interested in stealing credentials, maintaining access, and gathering sensitive files from victim networks for exfiltration,” Palo Alto Networks researchers wrote in the report.
Olson also urged companies that use Zoho software to update their systems and look for signs of a breach.
The sharing of the hacking campaign demonstrates how the NSA is “delivering real-time impact to our partners and the defense of the nation,” Morgan Adamski, director of the agency’s Cybersecurity Collaboration Center, said in a statement to CNN.
