Palo Alto Networks, a global cybersecurity firm, discovered that in a series of cyberattacks that started September 17 and ran through early October, foreign hackers may have breached 9 companies in the defense, education, energy, healthcare, and technology sectors. One of the organizations that they know of is in the United States.
The National Security Agency (NSA), along with cybersecurity experts, has exposed efforts by the hackers to steal key data from US defense contractors and other sensitive targets. The NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the hacking threat.
In these attacks, the hackers stole passwords from the targeted organizations, hoping to keep long-term access to the networks.
Calling the 9 confirmed victims of the targeting “the tip of the spear,” Ryan Olson, a Palo Alto Networks executive, said he believes more victims will be hit. While the hacking group hasn’t yet been identified, Olson told CNN that the tactics and tools used are similar to those used by a hacking group known to operate out of China.
The hackers are exploiting a flaw in software that these companies use to manage their network passwords, according to Palo Alto Networks. Back in September, the FBI and CISA warned the public that hackers were exploiting the software flaw and advised updating systems to protect them. Days later, Palo Alto Networks said that the hacking group scanned 370 computer servers in the US, all of which run that same software.
The software in question is called Zoho, and Olson suggested that companies that use it should update their systems and run system searches to look for signs that anyone breached their servers.
The feds say that the rapid response in diagnosing and singling out the specific system breach is another example of the successful relationship between private sector cybersecurity firms and the government’s security teams.
Morgan Adamski, the director of the NSA’s Cybersecurity Collaboration Center, said that the discovery of the hacking activity shows that the NSA is “delivering real-time impact to our partners and the defense of the nation.”