At least two groups of China-related hackers have spent months exploiting a previously unknown vulnerability in American virtual private network devices to spy on the U.S. defense industry, researchers and the device maker said Tuesday.
The Utah-based IT company Ivanti said In a statement, the hackers used the flaw in their Pulse Connect Secure suite to break into the systems of “a very limited number of customers”.
Ivanti said While remedial action has been taken, a solution to the problem would not be available until early May.
Ivanti did not reveal details of who might be responsible for the espionage campaign, but in a report aligned with Ivanti’s announcement, cybersecurity firm FireEye Inc.(FEYE.O) It has been suggested that at least one of the hacking groups is working on behalf of the Chinese government.
“The other that we suspect is consistent with initiatives and collections in China,” said Charles Carmakal, senior vice president of Mandiant, an arm of Fireye, before the …