Palo Alto Networks has found that suspected foreign threat actors have compromised nine organizations across the defense, technology, health care, education and energy industries, CNN reported Sunday.
Ryan Olson, vice president of the Unit 42 division at Palo Alto Networks, said the hackers sought to maintain persistent access to the targeted entities’ networks by stealing passwords and that some of the tools and tactics used by adversaries seem to correlate with those used by a suspected hacking group from China.
Olson noted that emails of vendors working with the Department of Defense could contain information on defense contracts that foreign spies want access to.
“In aggregate, access to that information can be really valuable,” he said. “Even if it’s not classified information, even if it’s just information about how the business is doing.”
In September, the FBI and the Cybersecurity and Infrastructure Security Agency informed the public that attackers were exploiting a flaw in ManageEngine ADSelfService Plus, software that companies use for network password management.
The National Security Agency’s Cybersecurity Collaboration Center shared its insights in support of the Palo Alto Networks report. NSA is working with CISA to continuously track the threat.