Chinese cyberspies are targeting US, EU orgs with new malware
Chinese threat groups continue to deploy new malware strains on the compromised networks of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances.
In the previous report, FireEye mentioned 12 malware families found on and specifically designed to infect Pulse Secure VPN appliances.
UNC2717 targeted global government agencies between October 2020 and March 2021 using HARDPULSE, QUIETPULSE, and PULSEJUMP. Since then, FireEye discovered that the UNC2630 Chinese threat actors installed the following four more malware strains, bringing the total to 16 malware families custom-tailored for compromising Pulse Secure VPN appliances.
FireEye is still collecting evidence and responding to more incidents linked to Pulse Secure VPN appliance compromises at US and European organizations across several verticals, including defense, government, high tech, transportation, and financial sectors.
"Targets of Chinese cyber espionage operations are often selected for their alignment with national strategic goals, and there is a strong correlation between pillar industries listed in policy white papers and targets of Chinese cyber espionage activity," the threat analysts said.
The US federal agency also updated the mitigation measures and urges organizations that find evidence of exploitation on their networks to check the guidance published by Ivanti, Pulse Secure's parent company.