Chinese government-backed hackers targeted US companies, and the researcher who discovered the attack warns it could 'signal a shift' in how the two countries spy on each other
- Cybersecurity firm FireEye revealed that a group of contractors it believes are backed by the Chinese government attempted to exploit vulnerabilities in three broadly used computer systems.
- The hackers, known as APT41 or Double Dragon, targeted 75 organizations across nearly every economic sector, FireEye says.
- The lead researcher says this could "signal a shift" in a 2015 agreement between the US and China to curb cyber-espionage.
A Silicon Valley cybersecurity firm says it uncovered "one of the broadest campaigns by a Chinese cyber espionage actor" that it's observed in recent years, which its lead researcher says could "signal a shift" in a 2015 agreement between the US and China.
FireEye revealed in a blog post Wednesday that between January 20 and March 11, a group known as APT41 targeted 75 organizations across nearly every economic sector, including finance, construction, defense, tech, pharmaceuticals, telecommunications, media, and oil and gas industries. FireEye has "moderate confidence" that contractors tasked by the Chinese state run the group, which it's dubbed "Double Dragon" because it carries out both national security and corporate espionage.
APT41 focused its recent attacks on vulnerabilities in Citrix's Application Delivery Controller (ADC), Cisco's routers, and Zoho's ManageEngine Desktop Central, FireEye said.
Christopher Glyer, FireEye's chief security architect, who has tracked the hacking group since 2012, told Business Insider that this campaign "could signal a shift" in a 2015 agreement between the US and China to curb economic cyber-espionage. At the time, President Obama and President Xi Jinping of China made a broad, bilateral agreement not to hack government or corporate systems, though the US has accused China of violating it in the past.
Glyer says that with the US-China trade war and hostilities over the coronavirus pandemic, he would have "expected there would be a loosening" in adherence to the agreement.
"At a time of crisis, nations want to gather intelligence," Glyer said. "This could be related to the trade war, or related to COVID-19. Nations always want to know what other governments are thinking. Are they looking to find out what kinds of clinical trials another nation is conducting? Cyber-espionage may be one tool to help them achieve that right now."
The Department of Homeland Security didn't respond to Business Insider's request for comment.
The widespread campaign sought to set up broad exploits that could be used or expanded over time, FireEye says.
It was intended to "cast a wide net" with long-term payoffs, said Glyer. The attacks were a case "when you have something really valuable where you get a lot of access" and can "use it later to hack into a business partner."
Citrix, a multi-national corporation that provides companies with servers and other computer systems, said it worked with FireEye to address the vulnerabilities and repaired issues on its own. Chief Security Officer Fermin Serna said in a statement that in December, Citrix advised customers of a vulnerability and published a security advisory.
Zoho issued a patch addressing vulnerabilities in ManageEngine Desktop Central on March 6.