China's government tied to new hack attacks on U.S. government and businesses

Rebecca Falconer
·2 min read

The Chinese Communist Party is believed to be responsible for newly found hack attacks on the U.S. government, businesses and American infrastructure, cybersecurity company Mandiant said Wednesday.

Why it matters: This is the third major cybersecurity breach to hit the U.S. in recent months — including two in March blamed on hackers linked to China's government: one targeting 30,000 U.S. victims, including small businesses and local governments, the other hitting Microsoft.

Get market news worthy of your time with Axios Markets. Subscribe for free.

This content is not available due to your privacy preferences.
Update your settings here to see it.
  • Charles Carmakal, a senior vice president of Mandiant, told NBC News Wednesday, "We're starting to see a resurgence of espionage activity from the Chinese government."

Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency said in a statement Tuesday that the breach was "affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations."

Zoom in: Carmakal said in an emailed statement that Mandiant "recently responded to multiple security incidents involving the exploitation of Pulse Secure VPN appliances," which is used by businesses for remote work.

  • The breach affected "dozens of organizations including government agencies, financial entities, and defense companies" in the U.S. and Europe, he said.

  • "We suspect these intrusions align with data and intelligence collection objectives by China," Carmakal added.

  • Per Carmakal, the hackers bypassed the multifactor authentication on Pulse Secure devices to access the as-yet unnamed victims' networks, accessing these sites "for several months without being detected."

"We believe that multiple cyber espionage groups are using these exploits and tools, and there are some similarities between portions of this activity and a Chinese actor we call APT5. "


Of note: President Biden took office a month after cybersecurity firm SolarWinds announced it was hacked in December, in a breach that was later discovered to be part of a massive cyberattack by suspected Russian hackers on multiple government agencies and U.S. firms.

Like this article? Get more from Axios and subscribe to Axios Markets for free.