Cyber Attack Targeting America's Remote Workers Points To China
KEY POINTS
- The attack on Pulse Secure VPN targets remote workers of government and federal agencies
- CISA issued an emergency directive -- a move rarely done unless there is high-risk potential
- The attack is the third discovered serious hacking for 2021
The United States is facing its third severe and distinct cyber attack in a span of a few months. The attack that points out to China allegedly targets remote workers in the country.
On April 21, Mandiant, a cybersecurity firm under FireEye confirmed the presence of another cybersecurity attack that targets the US government, private companies and critical infrastructure. The firm said that China is behind the series of hacks.
This is the third discovered serious cyber attack against the US in just a span of a few months. Mandiant has released instructions for users to follow in order to find out if they are in hew, NBC News reported.
The hackers intruded on the target's devices through Pulse Secure, a program that connects workers to their offices as they work remotely. The attack caused China to gain access to major US companies and government agencies, said Charles Carmakal, Mandiant's chief technology officer.
Reports said the hackers used programs to invade the targets Pulse Connect Secure appliances. They later planted backdoor programs that will stay in the system to spy on the network for a period of time.
In January, news surfaced about Russia being allegedly behind the hacking in Solar Winds, a Texas-based company. The attack affected nine US government agencies.
In March, Microsoft said China was behind the attack that used the Microsoft Exchange email programs to break into various organizations across the globe.
Compared to the Solar Winds and Exchange hack, China used the Pulse Secure attack to break into a smaller number of agencies. However, due to the depth level of its access to the target, Mandiant believes it is something significant.
CISA, U.S. Cybersecurity and Infrastructure Security Agency responded by issuing an emergency directive for every civilian government agency, according to the official website of the Department of Homeland Security.
On April 20, the security agency ordered the federal civilian agencies to immediately scan if they have been affected by the attack and implement immediate corrective actions, CNN reported.
This is the second time that CISA used its strictest emergency powers in less than two months. The agency said they are very concerned about the increased frequency of issuing an emergency directive.
Meanwhile, Pulse Secure assured its clients that a software update that addresses the issue will come out in May.
© Copyright IBTimes 2024. All rights reserved.