The apparent espionage activity, which the National Security Agency helped investigate when it emerged in recent months, is more extensive than previously known and has seen the hackers steal passwords from targeted organizations with a goal of intercepting sensitive communications.
Globally, at least 13 organizations total in sectors such as defense, health care, energy and transportation are now confirmed to have been breached, cybersecurity firm Palo Alto Networks will warn in a report to be published Thursday.
Palo Alto Networks identified about 600 cases in the US of systems running a type of vulnerable software that the hackers have exploited. That includes installations at 23 universities, 14 state or local governments and 10 health care organizations, the researchers said.
It’s the type of digital spying that the US government has for years tried to expose before it compromises sensitive data related to national security or trade secrets.
The hacking effort shares similarities with the techniques of a group Microsoft has identified as operating in China, Palo Alto Networks said.
The ultimate impact of the computer intrusions is not yet clear because investigations of the breaches are ongoing. But Palo Alto Networks’ Unit 42 researchers believe the hackers could be trying to gain long-term access to computer systems in order to siphon off key data from US companies.
“This adversary has aggressively targeted organizations in the United States and elsewhere in defense, technology and other critical sectors,” Ryan Olson, vice president of Palo Alto Networks’ Unit 42 division, told CNN.
“While we’re still learning more about the impact of these attacks, we urge organizations to quickly patch vulnerable systems and follow recommendations for determining whether they’ve been compromised,” Olson said.
The NSA declined to comment on the new research. The US Cybersecurity and Infrastructure Security Agency, which has also sought to blunt the impact of the hacking campaign, referred questions to Palo Alto Networks.
The Chinese Embassy in Washington did not respond to a request for comment.
While Beijing routinely denies conducting hacking operations, cybersecurity has been a regular source of tension in US-China relations for years.
A senior Biden administration official at the time called it part of “a pattern of irresponsible behavior in cyberspace” from China. Beijing denied involvement.
The latest suspected Chinese cyberactivity does not appear to risk that level of collateral damage. But it still has the attention of senior US cybersecurity officials, who have worked with the researchers to warn potential victim companies.
The hackers have in recent weeks shifted from exploiting one popular piece of software to another in a quest to compromise more organizations. Fixes are available for both software products, which are made by the multinational technology firm Zoho. But many of the firms’ customers have yet to update their systems, and remain vulnerable.
If Chinese involvement in the campaign is confirmed, it would add to multiple instances in recent years of alleged Chinese hackers seeking to burrow into the networks of US defense contractors.