The apparent espionage activity, which the National Security Agency helped investigate when it emerged in recent months, is more extensive than previously known and has seen the hackers steal passwords from targeted organizations with the goal of intercepting sensitive communications.
The cybersecurity researchers in November publicly confirmed just one victimized US organization, but they now say the number is at least five and could continue to grow.
Several sectors are targeted
Palo Alto Networks identified about 600 systems in the US running a vulnerable version of the software the hackers have exploited. Those include installations at 23 universities, 14 state or local governments and 10 health care organizations, the researchers said.
It's the type of digital spying that the US government has for years tried to expose before it compromises sensitive data related to national security or trade secrets.
The hacking effort shares similarities with the techniques of a group Microsoft has identified as operating in China, Palo Alto Networks said. The ultimate impact of the computer intrusions is not yet clear because investigations of the breaches are ongoing. But Palo Alto Networks' Unit 42 researchers believe the hackers could be trying to gain long-term access to computer systems in order to siphon off key data from US companies.
"This adversary has aggressively targeted organizations in the United States and elsewhere in defense, technology and other critical sectors," Ryan Olson, vice president of Palo Alto Networks' Unit 42 division, commented.
"While we're still learning more about the impact of these attacks, we urge organizations to quickly patch vulnerable systems and follow recommendations for determining whether they've been compromised," Olson said.
The NSA declined to comment on the new research. The US Cybersecurity and Infrastructure Security Agency, which has also sought to blunt the impact of the hacking campaign, referred questions to Palo Alto Networks.
Beijing denies hacking operations
The Chinese Embassy in Washington did not respond to a request for comment. While Beijing routinely denies conducting hacking operations, cybersecurity has been a regular source of tension in US-China relations for years.
The Biden administration in July blamed China for separate hacking activities that exploited Microsoft email software and, experts say, exposed organizations across the world to follow-on hacks from cybercriminals.
A senior Biden administration official at the time called it part of "a pattern of irresponsible behaviour in cyberspace" from China. Beijing denied involvement.
The latest suspected Chinese cyber activity does not appear to risk that level of collateral damage. But it still has the attention of senior US cybersecurity officials, who have worked with the researchers to warn potential victim companies.
Hackers shifting approach
The hackers have in recent weeks shifted from exploiting one popular piece of software to another in a quest to compromise more organizations. Fixes are available for both products, which are made by the multinational technology firm Zoho, but many of the firm's customers have yet to update their systems and remain vulnerable.
If Chinese involvement in the campaign is confirmed, it would add to multiple instances in recent years of alleged Chinese hackers seeking to burrow into the networks of US defense contractors. A 2014 Senate investigation found that Chinese government-linked hackers had breached contractors for US Transportation Command 20 times in one year. The command, which is responsible for the global movement of US troops and military equipment, had been aware of only two of those breaches.