Hackers With China Ties Linked to Global Password Thefts

WASHINGTON – A U.S. cybersecurity firm says a hacking group possibly linked to China has breached nine global organizations including at least one in the United States.

The report by Palo Alto Networks of Santa Clara, California, said it found malicious actors were actively stealing passwords from target organizations with the goal of maintaining long-term access.

The report said that from September 22 into early October, the hackers compromised at least nine entities in sectors such as technology, defense, health care, energy and education. None is identified in the report. One organization is in the United States.

Ryan Olson, vice president of threat intelligence at Palo Alto Networks, said that “any company doing business with the Pentagon could have a range of data in their emails about defense contracts that could be of interest to foreign spies.”

Nicholas Eftimiades, an assistant teaching professor at Penn State University and a former CIA intelligence officer, told VOA Mandarin the tactics used in these attacks are usually employed against foreign governments. In this case, the hacking group used the tactics against commercial interests on a global scale.

Eftimiades added that if these attacks had not been detected, the threat group would have gained access to thousands of companies and been able to conduct espionage from those companies.

The report was released on the Palo Alto Networks website on November 7. The Chinese Ministry of State Security did not respond to VOA’s request for comment.

Olson told CNN, which first reported the breach, that “in aggregate, access to that information can be really valuable,” adding, “even if it’s not classified information, even if it’s just information about how the business is doing.”

Palo Alto Networks said it detected two programs that were used, Godzilla and NGLite.

Both included instructions in Chinese “and are publicly available for download on GitHub,” said the firm’s report. GitHub is used by millions of developers and companies worldwide for many things including sharing computer code.

The cybersecurity firm added that the tactics used in the attacks appear similar to those used by Emissary Panda, a Chinese threat group that has been…