CCP Hackers Exploit Pulse Secure Vulnerability to Attack US Defense Industry

The Mount Royal Montreal Group 夏星湖

At least two hacking groups linked to the CCP have been spying on the U.S. defense industry for months by exploiting a previously undisclosed vulnerability in U.S. networking equipment, researchers and equipment manufacturers said on Tuesday, Reuters reported on April 20.

Utah-based IT company Ivanti said in a statement that CCP hackers had exploited a flaw in the Pulse Connect Secure software component of its virtual private network equipment to compromise the systems of a “limited number of customers.” A patch for the vulnerability will not be released until early May.

Ivanti did not provide details about the hacking group that launched the spying campaign, but cybersecurity firm FireEye (FEYE.O) said in a report echoing Ivanti’s announcement that it suspects at least one hacking group was controlled by the CCP government.

Charles Carmakal of FireEye said prior to the report’s release that “the activities of another suspected hacking group are also consistent with the hacking activities and intelligence gathering pursued by the CCP.”

While linking the hacking group to a specific country is fraught with difficulty, Carmakal said FireEye analysts based their judgment on an analysis of the tactics, tools, devices and targets used by the hacking group – many of which echoed past hacking incidents linked to the CCP.

The Chinese Embassy in Washington did not immediately respond to a request for comment. The CCP is known to generally deny any allegations of hacking actions associated with it.

FireEye declined to disclose the targets of the hacking campaign, noting only that they were “defense, government and financial organizations from around the world.” The cybersecurity firm said the group of hackers suspected of working for the CCP focused on the U.S. defense industry.

The U.S. Department of Homeland Security’s cyber division said in a statement that it was working with Ivanti “to better understand the vulnerabilities of Pulse Secure VPN appliances in order to mitigate potential risks to federal civilian and private sector networks.”

The U.S. National Security Agency declined to comment. U.S. officials have repeatedly accused CCP hackers over the years of stealing U.S. military secrets through various means.

More recently, network devices, which are often hard to monitor, have become a preferred avenue of attack for digital spies.

In 2020, FireEye warned that hacking groups linked to the CCP were targeting network devices made by Citrix (CTXS.O) and Cisco (CSCO.O) to compromise many businesses. FireEye described this as one of the most widespread hacking campaigns by CCP hackers it has seen in years.

While the FireEye report did not specify when the latest round of hacks took place, it said they were investigated “earlier this year.”

Carmakal added that the hackers operated from digital devices in the United States and borrowed the usual nomenclature of compromise to hide their activities. In this way, network intrusions appear as if company employees were working remotely from home using Pulse Connect Secure software components without being suspected. He said, “These hackers used some pretty advanced cyber technology.”

Recently, we have seen more and more revelations about CCP cyber hacking activities against the United States and other Western countries. One reason for this is that as the conflict between the CCP and the West intensifies, the CCP is launching a more intense unrestricted war. On the other hand, the U.S. and other countries have gained a deeper understanding of the CCP’s perverse nature with the help of the Whistleblower Movement. In turn, they have strengthened their defenses against the CCP and enhanced their prevention and detection of CCP hacking activities. At the same time, the U.S. introduced a regulation in March, affecting more than 4.5 million businesses, that restricts the use of CCP China’s information technology. The regulation disassociates the U.S. from the CCP’s state technology at a broader level, in order to eliminate the CCP’s threat to the U.S. in the field of electronic and cyber technologies more proactively and comprehensively. As you can see, the U.S. has raised its guard against the CCP to a record level.

Reference: 中共黑客利用Pulse Secure漏洞攻击美国国防工业 (CCP Hackers Exploit Pulse Secure Vulnerability to Attack US Defense Industry)

(The article merely represents the author’s opinion)
