Telecommunications giant Verizon and one of the largest water agencies in the United States were reportedly among high-value targets hit by a suspected Chinese-backed cyber-espionage campaign involving Pulse Connect Secure networking devices that came to light in April.
Pulse Secure devices are used by many companies and governments for secure access to their networks. According to security researchers, dozens of high-value entities that have yet to be named were targeted in the Pulse Secure hack. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment what customers were affected and said that the Pulse Secure team “worked closely with affected customers over the past months to mitigate these issues quickly and effectively.”
Verizon told The Associated Press that it found a Pulse-related compromise in one of its labs but it was quickly isolated from its core networks. The company said no data or customer information was accessed or stolen.
“We know that bad actors try to compromise our systems,” said Verizon spokesman Rich Young. “That is why internet operators, private companies and all individuals need to be vigilant in this space.”
The Metropolitan Water District of Southern California, which operates some of the largest treatment plants in the world, said it found a compromised Pulse Secure device after CISA’s alert released in April warning that hackers had breached multiple government agencies and other critical organizations using vulnerabilities in Pulse Secure devices.
Spokeswoman Rebecca Kimitch said the appliance was immediately removed from service and no Metropolitan systems or processes appear to have been affected. She said there was “no known data exfiltration.”
Earlier this month, The New York Times reported that suspected Chinese hackers breached computers of the New York transit agency. The hackers did not gain access to systems that control train cars and rider safety was not at risk, officials said.