Chinese Government Hackers Compromise Dozens of U.S. Government Agencies – Expert Statement

Following media reports that, according to a private cybersecurity firm, Chinese government hackers are believed to have compromised dozens of US government agencies, defense contractors, financial institutions, and other critical sectors, cyber defense experts commented below.

Experts Comments

April 22, 2021
Stuart Reed
UK Director
Orange Cyberdefense

This is another very worrying attack focused on a zero-day vulnerability with no patch. That means that while we know there is a problem, there is no current solution. Although this particular exploit has serious political implications and has been targeted at the US government, there will be other attacks now the vulnerability has been exposed.



As shown in our latest Security Navigator report over this last year, in particular – with the rapid deployment of security products - we have

.....Read More

This is another very worrying attack focused on a zero-day vulnerability with no patch. That means that while we know there is a problem, there is no current solution. Although this particular exploit has serious political implications and has been targeted at the US government, there will be other attacks now the vulnerability has been exposed.



As shown in our latest Security Navigator report over this last year, in particular – with the rapid deployment of security products - we have observed an extraordinary increase in reported vulnerabilities (not necessarily attacks) for these kinds of systems, including technologies from several leading perimeter security product vendors. There are a few core factors at play in this surge. They include the rapid and sometimes reckless adoption or expansion of secure remote access capabilities to accommodate remote workers, which made these technologies a very attractive target. In addition, there has been a cascade effect in which the discovery of one vulnerability creates knowledge, experience, and ideas, and thus leads to the discovery of different vulnerabilities in the same product, or similar vulnerabilities in different products.



Ultimately, government organisations and businesses alike need to take an agile, intelligence-based approach to their security. We need to recognise that the security landscape is deeply fluid and dynamic, and organisations must be able to perceive and respond to the rapid, continuous threats appropriately.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.