Chinese Government Hackers Compromise Dozens of U.S. Government Agencies – Expert Statement

Following media reports that, according to a private cybersecurity firm, Chinese government hackers are believed to have compromised dozens of US government agencies, defense contractors, financial institutions, and other critical sectors, cyber defense experts commented below.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Stuart Reed
Stuart Reed , UK Director
InfoSec Expert
April 22, 2021 10:58 am

<p><span lang=\"EN-US\">This is another very worrying attack focused on a zero-day vulnerability with no patch. That means that while we know there is a problem, there is no current solution. Although this particular exploit has serious political implications and has been targeted at the US government, there will be other attacks now the vulnerability has been exposed.</span></p> <p><span lang=\"EN-US\"><br /><br />As shown in our latest <a href=\"https://orangecyberdefense.com/global/security-navigator/\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://orangecyberdefense.com/global/security-navigator/&source=gmail&ust=1619174213364000&usg=AFQjCNFAXsl3_t2g4k7JGzFKPrAdcHUeug\">Security Navigator</a> report over this last year, in particular – with the rapid deployment of security products – we have observed an extraordinary increase in reported vulnerabilities (not necessarily attacks) for these kinds of systems, including technologies from several leading perimeter security product vendors. There are a few core factors at play in this surge. They include the rapid and sometimes reckless adoption or expansion of secure remote access capabilities to accommodate remote workers, which made these technologies a very attractive target. In addition, there has been a cascade effect in which the discovery of one vulnerability creates knowledge, experience, and ideas, and thus leads to the discovery of different vulnerabilities in the same product, or similar vulnerabilities in different products.</span></p> <p><span lang=\"EN-US\"><br /><br />Ultimately, government organisations and businesses alike need to take an agile, intelligence-based approach to their security. We need to recognise that the security landscape is deeply fluid and dynamic, and organisations must be able to perceive and respond to the rapid, continuous threats appropriately.</span></p>

Last edited 1 year ago by Stuart Reed
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x