At least one of the breached organizations is in the U.S., they add, and in cooperation with America’s National Security Agency (or NSA), security researchers “are exposing an ongoing effort by these unidentified hackers to steal key data from U.S. defense contractors and other sensitive targets.” It’s the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers’ tools in the process… [T]he hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.
Olson said that the nine confirmed victims are the “tip of the spear” of the apparent spying campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking group… Cybersecurity firm Mandiant earlier this year revealed that China-linked hackers had been exploiting a different software vulnerability to breach defense, financial and public sector organizations in the US and Europe….
In the activity revealed by Palo Alto Networks, the attackers are exploiting a vulnerability in software that corporations use to manage their network passwords. CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems. Days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software. Olson encouraged organizations that use the Zoho software to update their systems and search for signs of a breach.
Federal officials told CNN the revelation of the hacking activity is evidence of their close work with cybersecurity firms to stay on top of threats.