FireEye: Transportation and Telecom Firms Being Hit in Chinese Espionage

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

According to security firm FireEye, a massive Chinese espionage operation against US and European government entities includes four new hacking tools and reaches more commercial sectors than previously reported. 
Two China-linked gangs — as well as additional hackers that investigators did not name — have used virtual private network software in breaches affecting the transportation and telecommunications industries. The breaches had previously only been identified as affecting the defense, banking, and government sectors, according to the firm. 
The intruders are using Pulse Connect Secure, a popular VPN product, to break into networks and steal critical data. According to Mandiant, FireEye’s incident response arm, many of the hacked firms “operate in verticals and industries aligned with Beijing’s strategic objectives” specified in the Chinese government’s latest “Five Year Plan” for economic growth. 
According to Sarah Jones, senior principal analyst at Mandiant Threat Intelligence, most of the breaches have been carried out by a group called UNC2630, which appears to work on behalf of the Chinese government. Four other pieces of malware are being used by the alleged Chinese hackers to collect data and cover their tracks. 
In a blog post published Thursday, Mandiant analysts said, “Chinese cyber-espionage activity has shown a larger tolerance for risk and is less restrained by diplomatic considerations than previously characterized.” 