A hacking group with potential ties to China has breached nine global organizations as part of an ongoing espionage effort mostly targeting the defense sector, findings made public Sunday revealed.
According to a report from cybersecurity company Palo Alto Networks, the hackers targeted at least 370 organizations running potentially vulnerable Zoho servers in the U.S. alone, successfully compromising at least one, as part of a wider global campaign.
The compromised groups operated in the defense, education, energy, health care and technology sectors, with a potential focus on servers used by companies working with the Department of Defense.
The report labels the Chinese threat group as “Emissary Panda.”
CNN first reported the story on Sunday, noting that the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) were actively tracking the threat.
Palo Alto Networks did not name any of the targeted organizations, and noted that it was sharing the information in an effort to raise awareness about the threat and patch against the vulnerabilities it exploited.
The attacks began in mid-September, and continued in October. CISA, the U.S. Coast Guard and the FBI put out an alert just prior to the beginning of the threat activity warning that hackers were actively exploiting the vulnerability on Zoho Manage Engine.
“Ultimately, the actor was interested in stealing credentials, maintaining access and gathering sensitive files from victim networks for exfiltration,” Palo Alto Networks researchers wrote in the report.
The report noted that threat information has been shared with other members of the Cyber Threat Alliance, which includes many leading cybersecurity organizations.