Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors — and at least one of those organizations is in the US, according to findings that security firm Palo Alto Networks shared exclusively with CNN.
With the help of the National Security Agency, cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.
It’s the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers’ tools in the process.
Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threat
s to the US defense industrial base contributed analysis to the Palo Alto Networks report.
In this case, the hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.
Olson said that the nine confirmed victims are the “tip of the spear” of the apparent spying campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking group.