Hackers Achieve Widespread Penetration Of Defense Contractors

Suspected foreign hackers have breached 9 organisations in the defense, energy, health care, technology and education sectors, and at least one of those organisations is in the US, according to the security experts at Palo Alto Networks. The FBI, CISA, and US Coast Guard Cyber Command (CGCYBER) have reports of malicious cyber actors using hacking to gain access to several different organisations in the US and overseas.

With the help of the National Security Agency, Palo Alto Networks' researchers have exposed an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus.  

Hackers were observed deploying a specific webshell and other techniques to maintain persistence in victim environments, and successful attacks against the same organisation were also happening.

Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report. Cyber security firm Mandiant / FireEye said earlier this year that Chinese hackers are exploiting different software vulnerabilities to break into defense, financial and public sector organisations in the US and Europe.

US defense contractors are a high-value and frequent target for foreign hackers, although the NSA and CISA have so far declined to comment on the hackers' origin and identity.

CISA and the FBI have recently warned that hackers were exploiting the software flaw and urged organisations to update their systems. A few days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software.

CERT-CISA: CNN: Palo Alto Networks: Microsoft
