
Days Before a Report, Chinese Hackers Removed Malware From Infected Networks

An anonymous reader shares a report: Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances to breach defense contractors and government organizations in the US and across Europe. The hacking campaign allowed the threat actors -- two groups which FireEye tracks as UNC2630 and UNC2717 -- to install web shells on Pulse Secure devices, which the attackers used to pivot to internal networks from where they stole internal network credentials, email communications, and sensitive documents.

But in a follow-up report published today, FireEye said it found something strange -- namely that at least one of the groups involved in the attacks began removing its malware from infected networks three days before its researchers exposed the attacks. "Between April 17th and 20th, 2021, Mandiant incident responders observed UNC2630 access dozens of compromised devices and remove webshells like ATRIUM and SLIGHTPULSE," researchers said on Thursday. The threat actor's actions are highly suspicious and raise the question of whether they knew of FireEye's probing.
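The cleanup described above is itself a detectable event: an implant that disappears, or a tampered file that snaps back to its shipped hash, changes the filesystem just as its installation did. The script below is an added example (not code from the Slashdot summary, FireEye or Mandiant) of a baseline-versus-snapshot integrity check that alerts on removals and reversions, not only on new files. All paths and file contents are constructed placeholders; nothing here is a real Pulse Secure path or a real web shell.

```python
"""File-integrity diff that alerts on removals and reversions, not just additions.

Added example, not from the article or the vendors it names. A gold image
(the vendor-shipped file set) is compared against successive host snapshots;
a file that was never part of the gold image is suspicious both when it
appears and when it disappears, because an intruder's cleanup should not
look like the device getting healthier. Paths and contents are constructed.
"""
import hashlib
from typing import Dict, List, Tuple

Snapshot = Dict[str, str]  # path -> sha256 hex digest


def snapshot_from_contents(files: Dict[str, bytes]) -> Snapshot:
    """Hash an in-memory {path: bytes} mapping (stands in for walking a real filesystem)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def diff_snapshots(previous: Snapshot, current: Snapshot) -> Dict[str, List[str]]:
    """Paths added, removed or changed between two snapshots of the same host."""
    return {
        "added": sorted(p for p in current if p not in previous),
        "removed": sorted(p for p in previous if p not in current),
        "modified": sorted(p for p in previous if p in current and previous[p] != current[p]),
    }


def classify(previous: Snapshot, current: Snapshot, gold: Snapshot) -> List[Tuple[str, str]]:
    """Turn a snapshot diff into (severity, message) alerts, judged against the gold image."""
    d = diff_snapshots(previous, current)
    alerts: List[Tuple[str, str]] = []
    for p in d["added"]:
        if p in gold and current[p] == gold[p]:
            alerts.append(("low", f"gold-image file reappeared unchanged: {p}"))
        else:
            alerts.append(("high", f"file outside gold image appeared: {p}"))
    for p in d["removed"]:
        if p in gold:
            alerts.append(("high", f"gold-image file deleted: {p}"))
        else:
            # The attacker tidying up is still an incident indicator.
            alerts.append(("high", f"non-gold file removed (possible implant cleanup): {p}"))
    for p in d["modified"]:
        if p in gold and current[p] == gold[p]:
            alerts.append(("medium", f"file reverted to gold-image hash (tampering undone?): {p}"))
        else:
            alerts.append(("high", f"file content changed from baseline: {p}"))
    return alerts


# Constructed demo data: a two-file gold image, a compromised snapshot with one
# extra CGI (placeholder for a web shell) and one patched shipped file, then a
# post-cleanup snapshot where the intruder removed the extra file and restored
# the original. None of these are real product paths or real implants.
GOLD_FILES = {
    "/opt/app/bin/server": b"shipped binary v1",
    "/opt/app/web/index.cgi": b"#!/bin/sh\necho shipped\n",
}
COMPROMISED_FILES = {
    "/opt/app/bin/server": b"shipped binary v1",
    "/opt/app/web/index.cgi": b"#!/bin/sh\necho shipped\n# extra line added by intruder\n",
    "/opt/app/web/healthcheck.cgi": b"# placeholder standing in for a web shell\n",
}
CLEANED_FILES = dict(GOLD_FILES)

GOLD = snapshot_from_contents(GOLD_FILES)
COMPROMISED = snapshot_from_contents(COMPROMISED_FILES)
CLEANED = snapshot_from_contents(CLEANED_FILES)


def demo() -> Dict[str, List[Tuple[str, str]]]:
    """Run the two transitions an incident responder would compare."""
    return {
        "intrusion": classify(GOLD, COMPROMISED, GOLD),
        "cleanup": classify(COMPROMISED, CLEANED, GOLD),
    }


if __name__ == "__main__":
    for phase, alerts in demo().items():
        print(phase)
        for sev, msg in alerts:
            print(f"  [{sev}] {msg}")
```

The "cleanup" phase is the one that matters for this story: a naive check that only flags new or changed files relative to the gold image would report the post-cleanup host as clean, while the snapshot-to-snapshot comparison still raises a high-severity alert for the vanished non-gold file and a medium one for the shipped file reverting to its original hash.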
  • ...that state-sponsored hackers would have implants in the IT system of a leading, U.S. cybersecurity firm? Inconceivable!! Seriously, FireEye, don't you test your own networks? I hear that Eliot Anderson is available to lead a team.
  • The level active hostility the Chinese egnage in toward are interests is stagger. The fact they we even pretend we can or should haven normal trade and national relations with them just show how deeply corrupt our own leadership is.

    Responsible government would have recalled all US citizens from Chinese territories, required the null routing of all Chines networks, expelled all Chinese nationals, and sanctioned all Chinese financials 15 years ago!

    • Re: (Score:3, Funny)

      by barcarolle ( 581253 )
      How stagger is it?
      • by Entrope ( 68843 )

        Much stagger. Very egnage. So haven normal trade! Never Chines networks.

        I'm sure there is a dogecoin tie-in somewhere here. Maybe the attackers are running mining software on the compromised computers.

      • How stagger is it?

        Stop trying to make `stagger' happen.

    • by retchdog ( 1319261 ) on Friday May 28, 2021 @01:14PM (#61431958) Journal

      Your level broken Egnlish are also stagger.

      Also, uh, what's with the China hate all of a sudden? I mean, I get it, but why now? Nothing has really changed in the past fifty years but now everyone is shocked SHOCKED that doing business with literal authoritarian communists hasn't magically transformed them into a docile vassal state. It's hilarious cluelessness from left to right, top to bottom.

      • by decep ( 137319 ) on Friday May 28, 2021 @01:40PM (#61432030)

        What has changed? Money.

        There was a time when you could put in a modicum of effort [cheaply] for securing your network and still be relatively secure.

        Now... It does not matter how small you are, it is insanely expensive to secure systems properly. "Properly" has always been a matter of debate, but whatever your definition, "properly" is a lot more expensive now than it was 10 years ago.

      • by g01d4 ( 888748 ) on Friday May 28, 2021 @01:51PM (#61432062)

        Nothing has really changed in the past fifty years

        But it has. In short, fifty years ago the Chinese wouldn't have bothered to make the effort. The dramatic increase in individual income in China (to oversimplify) was supposed to lead to a more democratic form of government as the 'people' have more interest (i.e. property) to protect. That has been forestalled by the government which, to legitimize itself and stay in power, now has to accommodate this interest when setting policy. How well this works without direct electoral feedback is still tbd as their economy and society continue to rapidly evolve.

      • Nothing has really changed in the past fifty years

        The Chinese motivations haven't changed, however, their ability to implement them has remarkably.

    • by dargaud ( 518470 )
      With your broken English I wonder what country and interests you represent. What's your angle?
  • Everyone hacks them
  • "Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances

    Is this the same FireEye that couldn't protect Equifax? I guess it took this long for them to come up with this cyber BS.

    How FireEye and Equifax handles unhandled malware [cnmeonline.com]
  • Probably several.
    • Would they need one, though? Apparently, Chinese military hacking groups can put implants in any system they choose.
      • The timing and surreptitious nature of the Chinese response is suspicious. It's probably worth the FBI's time to interview the FireEye employees who were involved with and aware of this issue.
