(CNN) -
Suspected foreign hackers have breached nine organizations in the defense, energy, healthcare, technology and education sectors, and at least one of those organizations is in the United States, according to findings from security firm Palo Alto Networks shared exclusively with CNN.
With the help of the National Security Agency (NSA), cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.
It's the kind of cyber espionage that the security agencies of the Biden and Trump administrations have aggressively sought to expose before it causes too much damage.
The goal of making the information public is to warn other corporations that they could be attacked and burn hackers' tools in the process.
Officials from the NSA and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat.
A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report.
In this case, hackers have stolen passwords for some organizations in order to maintain long-term access to those networks, Ryan Olson, a senior executive at Palo Alto Networks, told CNN.
Intruders could be in a good position to intercept sensitive data sent by email or stored on computer systems until they are banned from the network.
Olson said the nine confirmed victims are the "spearhead" of the apparent spy campaign, and he hopes more victims will emerge.
It is unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers' tactics and tools overlap with those used by an alleged Chinese hacking group.
The NSA and CISA declined to comment on the identity of the hackers.
With their treasure trove of national security-related secrets, US defense contractors are a recurring target for foreign hackers.
Cybersecurity firm Mandiant earlier this year revealed that hackers linked to China had been exploiting a different software vulnerability to breach defense, financial and public sector organizations in the US and Europe.
Any company doing business with the Pentagon could have a variety of data in its emails about defense contracts that could be of interest to foreign spies, said Olson, who is vice president of the Palo Alto Networks Unit 42 division.
"Taken together, access to that information can be really valuable," Olson said.
"Even if it's not classified information, even if it's just information about how the business is doing."
In the activity revealed by Palo Alto Networks, attackers are exploiting a vulnerability in the software that corporations use to manage their network passwords.
CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems.
Days later, hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone and then began exploiting the software.
Olson encouraged organizations using Zoho software to update their systems and look for signs of a breach.
Federal officials told CNN that the disclosure of the hacking activity is evidence of their close work with cybersecurity companies to stay on top of threats.
CISA used a nascent public-private defensive program to "understand, amplify and drive action in response to the activity identified" in the Palo Alto Networks report, said Eric Goldstein, CISA's assistant executive director for cybersecurity.
The disclosure of the hacking campaign shows how the NSA is "making a real-time impact for our partners and the defense of the nation," Morgan Adamski, director of the agency's Cybersecurity Collaborative Center, said in a statement to CNN.