For at least the third time since the beginning of this year, the US government is investigating a hack of federal agencies that began during the Trump administration but went undetected until recently, according to senior U.S. officials and cyber defenders in the private sector.
The latest intrusion is a so-called supply chain attack, which highlights how sophisticated, often government-backed groups target vulnerable software built by third parties as a way into computer networks owned by governments and corporations.
The newest breach of government networks involves a virtual private network (VPN) product known as Pulse Connect Secure, which hackers were able to break into while customers were using it.
More than a dozen federal agencies run Pulse Secure on their networks, according to public contract records. An emergency cybersecurity directive issued last week required agencies to check their systems for related compromises and report back.
The results, collected on Friday and analyzed this week, show evidence of possible breaches in at least five federal agencies, said Matt Hartman, chief executive of the US Cybersecurity and Infrastructure Security Agency.
“This is a combination of traditional intelligence that has something to do with economic theft,” said one cyber security adviser familiar with the matter. “We’ve already confirmed data entry in multiple locations.”
Ivanti, the Utah software company that makes Pulse Secure, said it expected to release a fix for the problem on Monday, two weeks after it was first disclosed, and that only a “very limited number of customer programs” were affected.
For the past two months, CISA and the FBI have been working with Pulse Secure and the victims of the hack to evict the intruders and gather more evidence, said a senior US official who declined to be named. The FBI, the Department of Justice and the National Security Agency declined to comment.
The U.S. government’s investigation into the Pulse Secure activity is still under way, the senior US official said, adding that its scale, impact and implications remain unclear.
Security researchers at the US cybersecurity company FireEye and another firm, which declined to be named, said they had observed a number of hacking groups, including an elite group tied to China, exploiting the new bug and several others like it since 2019.
In a statement last week, Chinese Ambassador Liu Pengyu said China “strongly opposes and fights all forms of cyber attacks,” describing FireEye’s allegations as “unethical and malicious.”
The use of VPNs, which create encrypted channels for connecting remotely to corporate networks, has risen sharply during the COVID-19 pandemic. But with the growth in VPN usage has come a growth in the associated risks.
“This is another example of a recent party of cyber actors pointing out the dangers in widely used VPN products as our country is mostly located in remote and inactive areas,” Hartman said.
Three cybersecurity advisers involved in the hack response told Reuters that the list of victims was limited to the United States and so far included security contractors, community government agencies, solar power companies, telecommunications firms and financial institutions.
Observers also say they are aware of fewer than a hundred victims so far among those organizations, suggesting the hackers were narrowly focused.
Analysts believe the malicious operation began in 2019 and exploited older bugs in Pulse Secure, and in separate products made by cybersecurity company Fortinet, before turning to the new vulnerability.
Hartman said the compromises of public agencies date back to at least June 2020.
A recent report by the Atlantic Council, a Washington think tank, studied 102 hacking incidents and found an increase in the past three years. Thirty attacks came from government-backed groups, mainly in Russia and China, the report said.
The Pulse Secure response comes as the government grapples with the fallout from three other cyberattacks.
The first was the so-called SolarWinds hack, in which suspected Russian government hackers compromised the company’s network management software to infiltrate nine government agencies.
A vulnerability in Microsoft’s email software, called Exchange, exploited by a different group of Chinese hackers, also demanded a major response effort, even though it had no effect on government networks, according to US officials.
And a breach at the code-tool maker Codecov left thousands of its customers exposed within their software development environments, the company revealed this month.
Some government agencies were among the customers whose credentials the Codecov hackers had obtained, giving them continued access to code repositories or other data, according to a person briefed on the investigation. Codecov, the FBI, and the Department of Homeland Security declined to comment on the case.
The United States plans to address some of these issues with a high-level plan that will require agencies to identify their sensitive software and establish a “building block” requiring a certain level of digital security in all products sold to the government.
“We think this is a very powerful way to put costs on these enemies and make it very difficult,” said a US official.