Security analysts believe the hackers are set on stealing key data from U.S. defense contractors and other sensitive targets. The hackers reportedly targeted organizations with passwords that could provide ongoing access to government networks.
Ryan Olson, a senior Palo Alto Networks executive, told CNN that it was sort of a race to the finish. Once the intruders laid their hands on the passwords, it’s possible that they would be in a good position to intercept sensitive data sent via email or stored on computer systems.
NSA and U.S. Cybersecurity and Infrastructure Security Agency (CISA) officials said they are tracking the threat.
Eyes on China
Olson said the nine confirmed targets are the "tip of the spear" of the surveillance campaign, and he expects that even more victims will be revealed. Olson couldn’t lay blame at any particular group’s feet, but he said some of the tactics the hackers employed are similar to those used by a known Chinese hacking group.
China state hackers have been behind a number of cyberattacks over the course of the last year. Just this summer, France claimed that China state hackers were using compromised routers in a massive attack campaign. The Biden administration also accused China of being behind major cyberattacks like the Microsoft Exchange hack.
In July, a federal grand jury charged four nationals and residents of the People’s Republic of China with a campaign to hack into the computer systems of dozens of victim companies, universities, and government entities in the U.S. and abroad. In October, the Federal Communications Commission (FCC) recognized potential security risks connected to China Telecom and banished the company from the U.S.