Posted on November 8, 2021 at 7:18 PM
Researchers at Palo Alto Networks reported that threat actors have hacked into nine different institutions in the defense, health, education, and technology sectors. The researchers also noted that at least one of the victimized organizations operates in the United States.
The National Security Agency (NSA) has started organizing operations, along with various researchers, to expose these threat actors and their attacks.
Based on the information, threat actors stole passwords from the target organizations and had long-term access to their systems. The hackers were in a position to steal sensitive data transferred over the compromised networks through email for a long time.
It is not clear how much data the threat actors were able to siphon from the affected networks.
This type of cyber espionage is not new, as the Trump administration faced a similar attack in the past. The NSA and other agencies have shared some information about the nature of the attack to help inform other organizations that may be vulnerable.
Officials at the US Cybersecurity and Infrastructure Agency (CISA) and the NSA said they are investigating the threat. The NSA has also released a preview of the report provided by Palo Alto Networks to enable organizations to beef up their security against further attacks.
The researchers noted that the nine organizations may not be the only firms that are affected by the hacking operation. They said more organizations could be impacted due to the length of time the threat actors spent in those networks.
The Identity Of The Hackers Is Still Unknown
The researchers admitted that the identity of the threat actors is still unknown. However, they noted that some of the attackers’ tools and tactics are similar to those used by organized Chinese hacking syndicates.
Earlier this year, cybersecurity firm Mandiant reported that the threat actors were exploiting a software vulnerability to infiltrate financial organizations, public sectors, and defense agencies in Europe and the US.
The security firm has remained strong in its efforts to hunt down these threat actors and prevent them from causing more damage to organizations.
Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, commented that CISA makes use of an emerging public-private defensive program to monitor the activities of threat actors. He added that the agency is providing real-time impact to other organizations and defense agencies.
An Increasing Spate Of Cyberattacks In US Organizations
Cyber attackers have been making US organizations their major targets in recent times. To address this issue, President Joe Biden recently held a meeting with tech giants regarding the attacks on AT&T, Verizon, T-Mobile, and others.
The Biden administration is also planning to set up a bureau of cyberspace and digital policy to offer more cyber security protection to organizations.
CISA and the NSA have also intensified efforts to warn and protect other organizations against further attacks. While some of the attacks have come from ransomware actors, others have been linked to state-sponsored threat actors. CISA and the NSA recently published detailed guidelines after the ransomware attack on the Iowa-based grain company NEW Cooperatives Inc.
The guidelines contain details for the companies to secure their servers against brute force attacks.
The Palo Alto researchers have received support from the NSA in their efforts to crack down on threat actors that have been trying to steal data from their targets, especially US organizations.
The researchers noted that the attack on these organizations started on September 17 and continued until early October.
“We assess that these scans were largely indiscriminate in nature as targets ranged from education to Department of Defense entities,” the researchers noted. They added that the threat actors were able to infiltrate the systems through a vulnerability in software used for managing network passwords.
The threat groups were interested in maintaining access, collecting sensitive files, and stealing credentials.
Organizations Should Check For Bugs Before Resetting Passwords
Morgan Adamski, Cybersecurity Collaboration Center director at NSA, stated that the agency wants to deliver real-time impact to its partners and the defense of the nation.
The research, according to the agency, shows the need to rapidly detect new threat activity within the environment. It also shows the importance of real-time threat intelligence sharing and rapid patch management to prevent a massive impact from cyber attacks.
Senior Vice President of Palo Alto Networks Unit 42, Wendi Whitmore, while commenting on the report, advised organizations to utilize Zoho software to address any flaws in their networks before resetting their passwords.