US cyber officials issued an “emergency directive” on Thursday, ordering federal agencies to defend their networks against an “advanced” group of hackers. The hackers have breached at least one agency in what appears to be an espionage campaign. Although government officials have not commented on who is behind the hacks, private experts from the cyber firm Palo Alto Networks believe the hackers are state-backed and based in China. The hackers have been exploiting previously unknown flaws in software made by Cisco for several months.
Chris Butera, a senior official at the Cybersecurity and Infrastructure Security Agency (CISA), said that there are “hundreds of these devices” running the affected Cisco software in the federal government. The directive will help officials understand “the full scope of the compromise across federal agencies.” The directive gives civilian agencies until the end of Friday to update their software and report any compromises. A Cisco spokesperson confirmed that the company investigated the hacks with “several” government agencies in May and has since discovered three new vulnerabilities. The company has urged its customers to update their software to mitigate the threat.
Hackers Exploiting Cisco Software Flaws
Sam Rubin, a senior vice president at Unit 42, a division of Palo Alto Networks, warned that now that a software “patch,” or fix, is available, attacks are likely to escalate. “We can expect attacks to escalate as cybercriminal groups quickly figure out how to take advantage of these vulnerabilities,” he said. The British government also issued a warning on Thursday about the hacking campaign, calling the malicious code used by the hackers a “significant evolution” from their previous tools.
This latest disclosure comes just days after researchers with Google-owned firm Mandiant revealed that another team of suspected Chinese hackers had infiltrated U.S. software developers and law firms. Mandiant said that campaign was aimed at collecting intelligence to help Beijing in its ongoing trade fight with Washington and that the recovery from those breaches could take months. This new “emergency directive” highlights a pattern of sophisticated, state-backed cyberattacks targeting U.S. government agencies and private businesses for intelligence and espionage.
What The Author Thinks
This “emergency directive” highlights a new and increasingly dangerous front in geopolitical conflict. State-backed cyberattacks, particularly for espionage, are a constant and largely unseen threat that can disrupt government operations and compromise national security. The hackers’ ability to exploit “previously unknown flaws” and remain undetected for months is a testament to their sophistication. This incident serves as a powerful reminder that in today’s interconnected world, national security is as much about protecting digital infrastructure as it is about traditional military defense. The vulnerability of these widely used systems to attack, and the ability of hackers to use them as a vector for intelligence gathering, is a critical issue that will define the future of international relations.