- DEMO PAGE Cybersecurity in Massachusetts
Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors -- and at least one of those organizations is in the US, according to findings from security firm Palo Alto Networks.
Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report.
Ryan Olson, a senior Palo Alto Networks executive, said that the nine confirmed victims are the "tip of the spear" of the apparent spying campaign, and that he expects more victims to emerge. It's unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers' tactics and tools overlap with those used by a suspected Chinese hacking group.
The NSA and CISA declined to comment on the identity of the hackers.
In the activity revealed by Palo Alto Networks, the attackers are exploiting a vulnerability in software that corporations use to manage their network passwords. CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems. Days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software.