The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector.
Confirmation that the NSA is tracking these cyberattacks comes days after Mandiant reported that suspected Chinese espionage hackers have made “mass attempts” to exploit multiple vulnerabilities impacting Ivanti Connect Secure, the popular remote access VPN software used by thousands of corporations and large organizations worldwide.
Mandiant said earlier this week that the China-backed hackers tracked as a threat group it calls UNC5325 had targeted organizations across a variety of industries.
This includes the U.S. defense industrial base sector, a worldwide network of thousands of private sector organizations that provide equipment and services to the U.S. military, Mandiant said, citing earlier findings from security firm Volexity.
Akamai said in an analysis published last week that hackers are launching approximately 250,000 exploitation attempts each day and have targeted more than 1,000 customers.
The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director.
The NSA did not say from which providers it buys commercially available internet records.
Previous reporting shows the Defense Intelligence Agency bought access to a commercial database containing Americans’ location data in 2021 without a warrant.
A week later, the FTC brought similar action against InMarket, another data broker, saying the company did not obtain users’ explicit consent before collecting their location data, and banned the data broker from selling consumers’ precise location data.
When reached by email, NSA spokesperson Eddie Bennett confirmed the NSA collects commercially available internet netflow data, but declined to clarify or comment on Nakasone’s remarks.
AI aides nation-state hackers but also helps US spies to find them, says NSA cyber directorNation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official.
“We already see criminal and nation state elements utilizing AI.
“We’re seeing intelligence operators [and] criminals on those platforms,” said Joyce.
“On the flip side, though, AI, machine learning [and] deep learning is absolutely making us better at finding malicious activity,” he said.
“Machine learning, AI, and big data helps us surface those activities [and] brings them to the fore because those accounts don’t behave like the normal business operators on their critical infrastructure, so that gives us an advantage,” Joyce said.
