China behind another hack as U.S. cybersecurity issues mount

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

China is behind a newly discovered series of hacks against key targets in the U.S. government, private companies and the country’s critical infrastructure, cybersecurity firm Mandiant said Wednesday.

The hack works by breaking into Pulse Secure, a program that businesses often use to let workers remotely connect to their offices. The company announced Tuesday how users can check to see if they were affected but said the software update to prevent the risk to users won’t go out until May.

The campaign is the third distinct and severe cyberespionage operation against the U.S. made public in recent months, stressing an already strained cybersecurity workforce. The U.S. government accused Russia in January of hacking nine government agencies via SolarWinds, a Texas software company widely used by American businesses and government agencies. In March, Microsoft blamed China for starting a free-for-all where scores of different hackers broke into organizations around the world through the Microsoft Exchange email program.

In all three campaigns, the hackers first used those programs to hack into victims’ computer networks, then created backdoors to spy on them for months, if not longer.

The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said in a warning Tuesday evening the latest hacking campaign is currently “affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations.”

CISA activated its strictest emergency powers Tuesday evening, mandating that every civilian government agency scan to see if they were affected by the hack and to take actions to fix it. Though it’s historically rare for it to do so, it’s the second time in seven weeks the agency has issued an emergency directive after the Exchange hack.

“In recent months we have issued them with increasing frequency, which is certainly a concern and something we don’t take lightly,” said Matt Hartman, the agency’s deputy executive assistant director of cybersecurity.

“We at CISA are very concerned,” he said.

Unlike the hacks on SolarWinds and Exchange, both of which had at least tens of thousands of potential victims, there’s little indication that China used Pulse to…