At least one U.S. company, but probably more, is among several firms that a Santa Clara-based cybersecurity firm says have been infiltrated via some sort of password theft scheme that appears to be targeting the Department of Defense.
The latest international attempt to infiltrate the U.S. Department of Defense appears to have been to some degree successful, and according to KTVU, the password theft scheme targeted at least 370 different companies worldwide. That’s the assessment of Santa Clara-based cybersecurity firm Palo Alto Networks, and KTVU reports that the hackers did breach “nine global organizations across the defense, education, energy, health care and technology sectors.”
The reporting is all quite purposefully vague, and none of the companies that were breached are named. But according to CNN, “at least one of those organizations is in the U.S.”
“As early as Sept. 17 the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet,” Palo Alto Networks said in a Sunday statement. “Subsequently, exploitation attempts began on Sept. 22 and likely continued into early October. During that window, the actor successfully compromised at least nine global entities across the technology, defense, healthcare, energy and education industries.”
CNN has more detail, and in plain English. “The hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks,” CNN reports. “The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.”
The breach targeted companies using something called Zoho ManageEngine servers. If you or your company uses those, well, you’re advised to update that software and look for any signs of a breach.