Hackers Achieve Widespread Penetration Of Defense Contractors

Suspected foreign hackers have breached 9 organisations in the defense, energy, health care, technology and education sectors, and at least one of those organisations is in the US, according to the security experts at Palo Alto Networks. The FBI, CISA, and US Coast Guard Cyber Command (CGCYBER) have reports of malicious cyber actors using hacking to gain access to several different organisations in the US and overseas.

With the help of the National Security Agency, Palo Alto Networks' researchers have exposed an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus.  

Hackers were observed deploying a specific webshell and other techniques to maintain persistence in victim environments, and successful attacks against the same organisation were also happening.

Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report. Cyber security firm Mandiant / FireEye said earlier this year that Chinese hackers are exploiting different software vulnerabilities to break into defense, financial and public sector organisations in the US and Europe.

US defense contractors are a high-value and frequent target for foreign hackers, although the NSA and CISA have so far declined to comment on the hackers' origin and identity.

CISA and the FBI have recently warned that hackers were exploiting the software flaw and urged organisations to update their systems. A few days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software.

Sources: CERT-CISA, CNN, Palo Alto Networks, Microsoft
