Chinese Spies Lurked for Months Inside U.S.-Based Engineering Firm’s Network

John Dwyer, research director at cybersecurity firm Binary Defense, said in an interview on Wednesday that Chinese government-backed hackers infiltrated the network of a U.S.-based global engineering company and remained hidden for months before being discovered.

In an interview with The Register, Dwyer declined to name the engineering firm that was targeted or the Chinese cyber espionage team that penetrated its systems. He said the company in question “manufactures parts for public and private aerospace organizations and other critical sectors, including oil and gas.”

Dwyer said the Chinese intruders gained access to the network through “one of the victim's three unmanaged AIX servers.”

AIX is IBM's proprietary version of the Unix operating system. Although Unix is an older system, it is still widely used, and IBM still actively supports AIX.

The Register inferred from Dwyer's comments that the targeted company had effectively forgotten about three old servers connected to its internal network, creating an opening that the Chinese hackers could exploit. All three servers were exposed to the internet without adequate protection. One of the servers reportedly granted remote users full administrative privileges by default, a major security flaw.

The AIX servers were also said to have served as the intruders' foothold. The attackers remained hidden on the network for four months before the company detected them and notified federal law enforcement agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Binary Defense was also brought in to help with the response, which is how Dwyer learned the details of the intrusion.

The hackers reportedly spent a long time embedded in the system, uploading data and blowing gaping holes in its security, effectively gaining “full remote access to the IT network.” Among other dangers, the hackers may have gained the ability to manipulate the company's supply chain to deliberately produce defective products.

“The scary thing is, our supply chains have assumed risk chains, and whoever consumes the end product, whether that's the government, the Department of Defense, the school system, they're taking on the risk of all the interconnected parts of the supply chain,” he said.

Dwyer detailed the havoc the Chinese hackers wreaked on the company's network security, but did not say whether they stole data from the targeted company or tried to disrupt its supply chain. He found wry humor in the attackers' apparent confusion with AIX, which, despite being a Unix variant, did not accept some of the standard commands the intruders evidently expected to work.

Dwyer felt that one of the key lessons of this incident was that older computers connected to large networks can create major security gaps, especially if they are not updated and locked down to the same current security standards applied to the network's other active systems.

Dwyer noted that the three AIX servers “were not compatible with the organization's security monitoring tools,” which is why the hackers were able to remain undetected for months. They were only spotted when they attempted something noisy enough to trigger an alert in the organization's security tooling: dumping memory on other computers on the network to harvest user IDs and passwords.
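The recurring theme of the preceding paragraphs is a coverage gap: hosts that exist on the network but are absent from the asset inventory, unsupported by the monitoring agent, exposed to the internet, and owned by nobody. The following script is an added example, not code from the article, Binary Defense or the affected company; it reconciles a constructed list of hosts seen by a network scan against constructed monitoring, CMDB and firewall-exposure data (all hypothetical sample inputs) and ranks the unmonitored machines so the most dangerous forgotten box surfaces first.

```python
"""Find hosts that are on the network but outside security monitoring.

All sample data below is constructed for illustration and is not taken
from the incident described in the article.
"""
from dataclasses import dataclass, field

# Constructed: what a network scan or DHCP lease table actually observes.
NETWORK_OBSERVED = [
    {"ip": "10.20.1.15", "hostname": "erp-app-01", "os": "Windows Server 2019"},
    {"ip": "10.20.1.16", "hostname": "erp-db-01",  "os": "RHEL 8"},
    {"ip": "10.20.7.40", "hostname": "aix-old-01", "os": "AIX 6.1"},
    {"ip": "10.20.7.41", "hostname": "aix-old-02", "os": "AIX 6.1"},
    {"ip": "10.20.9.9",  "hostname": "",           "os": "unknown"},
]
# Constructed: hosts the EDR / log-forwarding agent reports as enrolled.
MONITORED = {"erp-app-01", "erp-db-01"}
# Constructed: CMDB records keyed by hostname; an empty owner means nobody is accountable.
CMDB = {
    "erp-app-01": {"owner": "erp-team", "lifecycle": "production"},
    "erp-db-01":  {"owner": "erp-team", "lifecycle": "production"},
    "aix-old-01": {"owner": "",         "lifecycle": "retired"},
}
# Constructed: internal IPs reachable from the internet via firewall NAT rules.
INTERNET_EXPOSED = {"10.20.7.40", "10.20.9.9"}
# Hypothetical: OS families for which a monitoring agent exists at all.
AGENT_SUPPORTED_PREFIXES = ("Windows", "RHEL", "Ubuntu")

# Weights chosen so an internet-exposed, unmonitored, unowned box sorts first.
WEIGHTS = {
    "internet_exposed": 5,
    "unmonitored": 3,
    "agent_unsupported": 2,
    "not_in_cmdb": 2,
    "retired_but_online": 2,
    "no_owner": 1,
}


@dataclass
class Finding:
    hostname: str
    ip: str
    os: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)


def find_gaps(observed=NETWORK_OBSERVED, monitored=MONITORED, cmdb=CMDB,
              exposed=INTERNET_EXPOSED, supported=AGENT_SUPPORTED_PREFIXES):
    """Return findings for every observed host with at least one gap, worst first."""
    findings = []
    for host in observed:
        # A host with no name is still a host; key the finding by its IP.
        name = host["hostname"] or f"unnamed-{host['ip']}"
        f = Finding(name, host["ip"], host["os"])
        if host["hostname"] not in monitored:
            f.reasons.append("unmonitored")
        if not host["os"].startswith(supported):
            # No agent exists for this OS, so "enroll it" is not an available fix.
            f.reasons.append("agent_unsupported")
        record = cmdb.get(host["hostname"])
        if record is None:
            f.reasons.append("not_in_cmdb")
        else:
            if not record["owner"]:
                f.reasons.append("no_owner")
            if record["lifecycle"] == "retired":
                # Marked retired on paper but still answering on the network.
                f.reasons.append("retired_but_online")
        if host["ip"] in exposed:
            f.reasons.append("internet_exposed")
        if f.reasons:
            findings.append(f)
    findings.sort(key=lambda x: x.severity, reverse=True)
    return findings


if __name__ == "__main__":
    for g in find_gaps():
        print(f"{g.severity:2d}  {g.hostname:<20} {g.ip:<12} {g.os:<20} {', '.join(g.reasons)}")
```

Run stand-alone, the report lists the retired, ownerless, internet-exposed AIX host at the top, then the nameless exposed device, then the second AIX box that is simply missing from the CMDB; the two monitored ERP servers produce no finding. In practice the three input lists come from a scanner export, the agent console and the CMDB, and the "agent_unsupported" reason is the one that matters for platforms like AIX, because it tells you compensating controls (network segmentation, log forwarding from the host, removal from the internet edge) are needed rather than an agent rollout.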

Cybersecurity professionals are increasingly worried about “legacy systems,” old machines that can become “digital time bombs” if network administrators forget about them or underestimate their vulnerabilities. The last few generations of computer hardware have been far more robust and durable than their predecessors, so large networks still run old or semi-obsolete machines, especially in cost-conscious enterprises that avoid expensive upgrades whenever possible.
