According to a report by security firm Palo Alto Networks, a group of unidentified criminals scanned at least 370 servers across the US in September and October.
The scans were “largely indiscriminate in nature,” the firm said, with targets ranging from educational institutions to servers linked to the Department of Defense.
Using publicly available Chinese-language tools, hackers breached at least nine organizations globally, the firm said. Palo Alto Networks did not identify which organizations were compromised, but said they worked in industries related to technology, defense, healthcare, energy and education.
The Palo Alto Networks vice president responsible for threat intelligence, Ryan Olson, told CNN the nine victims were the “tip of the spear” of a larger apparent spying campaign. Olson said hackers have stolen passwords from targeted organizations hoping to maintain long-term access to their networks.
CNN reported that the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) were tracking the hackers’ activities, and the NSA has helped Palo Alto Networks to analyze the threat. The NSA and CISA declined to comment on the identity of the hackers, the channel said.
Cyber criminals around the world have managed to successfully breach multiple large corporations and government agencies in recent years, demanding ransom money for sensitive data, or trying to sell it on the darknet. Just weeks ago, hackers broke into the Indian servers of Taiwanese electronics giant Acer, reportedly obtaining personal information on millions of customers.