The apparent espionage activity, which the National Security Agency helped investigate when it emerged in recent months, is more extensive than previously known and has seen hackers steal passwords from targeted organizations with the aim of intercepting sensitive communications.
Palo Alto Networks has identified approximately 600 cases in the United States of systems running a type of vulnerable software that hackers have exploited. These include systems at 23 universities, 14 state or local governments, and 10 healthcare organizations, the researchers said.
It’s the type of digital espionage that the US government has tried for years to expose before it compromises sensitive data related to national security or trade secrets.
The hacking effort shares similarities with techniques used by a group Microsoft has identified as operating in China, Palo Alto Networks said.
The final impact of the computer intrusions is not yet clear, as investigations into the breaches are ongoing. But researchers at Palo Alto Networks Unit 42 believe hackers could try to gain long-term access to computer systems in order to siphon key data from U.S. companies.
“This adversary has aggressively targeted organizations in the United States and elsewhere in defense, technology and other critical industries,” Ryan Olson, vice president of Unit 42, Palo Alto Networks, told CNN.
“As we continue to learn more about the impact of these attacks, we urge organizations to quickly patch vulnerable systems and follow recommendations to determine if they have been compromised,” said Olson.
The NSA declined to comment on the new research. The U.S. Cybersecurity and Infrastructure Security Agency, which also sought to mitigate the impact of the hacking campaign, referred questions to Palo Alto Networks.
The Chinese Embassy in Washington did not respond to a request for comment.
While Beijing routinely denies carrying out hacking operations, cybersecurity has been a regular source of tension in US-China relations for years.
A senior Biden administration official at the time called it a “model of irresponsible behavior in cyberspace” from China. Beijing has denied any involvement.
The latest suspected Chinese cyber activity does not appear to risk this level of collateral damage. But it still has the attention of senior U.S. cybersecurity officials, who have worked with researchers to warn potential victim companies.
In recent weeks, hackers have shifted from exploiting one popular software product to exploiting another in order to find more organizations to compromise. Patches are available for both software products, which are made by multinational technology company Zoho. But many business customers have yet to update their systems and remain vulnerable.
If Chinese involvement in the campaign is confirmed, it would add to multiple cases in recent years of alleged Chinese hackers seeking to infiltrate the networks of US defense contractors.