Ryan Olson, a senior executive at Palo Alto, shed some light on the specifics of the campaign. The hackers have stolen passwords from targeted organizations and aim to maintain long-term access to their networks. This would allow them to intercept sensitive information until they are removed from the network. This disclosure is part of an ongoing collaboration between U.S. federal agencies and cybersecurity researchers that focuses on cyber espionage activity. The hackers, who remain unidentified, aim to steal information from U.S. defense contractors and organizations in other sensitive sectors. Officials from the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are monitoring the threat. In fact, Palo Alto’s report contains contributions from a division of the NSA which looks after foreign cyber threats to the U.S. defense industrial base.
Hackers Exploit Password Management Software
In this campaign, the hackers are exploiting a vulnerability in the corporations’ password management software, Zoho ManageEngine. Both CISA and the FBI issued a warning about the campaign in September, urging organizations to update their systems. Palo Alto believes that the hackers exploited at least 370 servers in the United States alone. Olson has also encouraged organizations that use the software to check for a possible breach and update their systems. He added that the nine confirmed victims were only the “tip of the spear” in the campaign. While the identity of the responsible actor remains unknown, Palo Alto stated that some of the hackers’ tactics and tools are similar to those of a suspected Chinese hacking group.
Officials Say the Discovery is a Positive Sign
Officials from federal agencies said that the discovery of the campaign is “evidence of their close work with cybersecurity firms to stay on top of threats.” Eric Goldstein, CISA Executive Assistant Director for Cybersecurity, stated that the partnership with cybersecurity researchers was crucial. Goldstein said that the agency used a nascent public-private defensive program to “understand, amplify, and drive action in response to the activity identified.” Morgan Adamski, director of the NSA’s Cybersecurity Collaboration Center, also praised the disclosure of the campaign. He said it shows how the agency is “delivering real-time impact to our partners and the defense of the nation.”
