Report: Chinese hackers compromised U.S., EU government agencies

April 21 (UPI) -- A leading private cybersecurity firm said it suspects Chinese state-sponsored hackers have for months infiltrated U.S. and European government organizations as well as defense and technology companies.

FireEye security company said in a blog post Tuesday that analysis is ongoing to determine the extent of the breach but it believes UNC2630 and APT5 -- two hacking groups tied to China -- targeted defense and technology companies in the United States and elsewhere.


Charles Carmakal, chief technology officer of Mandiant, which is a division of FireEye and has been responding to the infiltrations, said the groups behind the attack are "very advanced" and were focusing on high-value targets with information China may be after, The Washington Post reported.

"This looks like classic China-based espionage," Carmakal said. "There was the theft of intellectual property, project data. We suspect there was data theft that occurred that we won't ever know about."

The hacking groups exploited vulnerabilities in Pulse Secure VPN devices, it said.

Pulse Secure's parent company, Ivanti, said it has released updates to solve the issues though a final patch may not be available until next month.


"Pulse Secure has been working closely with Mandiant, affected customers, government partners and other forensic experts to address these issues," FireEye confirmed.

FireEye said it observed UNC2630 "harvesting credentials" from various Pulse Secure login flows, allowing the the hackers to use legitimate account details to infiltrate the networks. To maintain its presence, the hackers used legitimate and modified code of the devices.

The Department of Homeland's Cybersecurity and Infrastructure Security Agency issued an alert later Tuesday stating it was aware of the compromises of U.S. government agencies, critical infrastructure entities and other private sector organizations.

The agency said the attack connected to the Pulse Connect Secure products began in June or earlier, and that since the end of last month it has assisted "multiple entities" that have been affected.

Pulse Secure in a statement said that the issue impacted "a very limited number of customers."

"As an entire company, we are dedicated to working with our customers and the broader security industry to mitigate the threat from these issues as quickly as possible," it said.

The revelation of the hack follows several high-profile infiltrations connected to state-sponsored hackers.

Last month, Microsoft said Chinese hacker group HAFNIUM had infiltrated networks through vulnerabilities in its Exchange servers that enabled access to email accounts.


In December, a handful of U.S. federal agencies including the Department of Homeland Security were breached by hackers tied to the Russian intelligence service.

On Tuesday, the White House said it is launching a plan to guard critical electric infrastructure from sophisticated cyber threats.

Latest Headlines