Written by Tim Starks
Nov 8, 2021 | CYBERSCOOP
Suspected spies using similar tools and tactics to a Chinese government-connected hacking group compromised nine organizations in the defense, education, energy and health care industries across the globe beginning in September, according to new research.
The hackers were “indiscriminate” in targeting that included parts of the U.S. Defense Department, according to Palo Alto Networks, which published its findings on Sunday with an assist from the National Security Agency’s Cybersecurity Collaboration Center. That center primarily works with defense contractors to collect and share threat information.
At least one of the victims was a U.S. organization, Palo Alto Networks said, but didn’t name the nine compromised entities. The company “believes that the actor’s primary goal involved gaining persistent access to the network and the gathering and exfiltration of sensitive documents from the compromised organization.”
The research comes on the heels of a Sept. 16 warning from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI and U.S. Coast Guard Cyber Command. It warned that likely foreign government-backed hackers were actively exploiting a vulnerability in Zoho’s ManageEngine ADSelfService Plus, a password management product. Zoho issued a patch