According to information shared by security firm Palo Alto Networks, suspected foreign hackers have accessed nine firms in the defense, energy, health care, technology, and education sectors, at least one of which is in the United States.

With the help of the National Security Agency, cybersecurity experts are disclosing an ongoing operation by these anonymous hackers to steal crucial data from US defense contractors and other sensitive targets.

It’s the kind of cyber espionage that both the Biden and Trump administrations have been working hard to expose before it causes too much harm. The purpose of making the material public is to alert other companies that might be attacked and, in the process, burn the hackers’ tools.

The threat is being tracked by officials from the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA). The Palo Alto Networks study included analysis from an NSA branch responsible for mitigating foreign cyber threats to the US defense industrial base.

According to Ryan Olson, a senior Palo Alto Networks executive, the hackers have obtained credentials from several targeted firms with the goal of preserving long-term access to those networks. Until they are driven out of the network, the intruders could be in a good position to intercept sensitive data delivered by email or kept on computer systems. The nine confirmed victims, according to Olson, represent the “tip of the spear” of the alleged surveillance campaign, and he expects more victims to emerge. Although it’s unknown who’s behind the attack, Palo Alto Networks says some of the attackers’ tactics and tools are similar to those employed by a suspected Chinese hacker gang.

The NSA and CISA both declined to comment on the hackers’ identities.

Foreign hackers frequently target US defense contractors because of the trove of national security information they hold.
Mandiant, a cybersecurity firm, disclosed earlier this year that China-linked hackers had been breaching defense, banking, and public sector companies in the US and Europe via a different software flaw.

According to Olson, who is vice president of Palo Alto Networks’ Unit 42 branch, any company doing business with the Pentagon could have in its emails a variety of material concerning defense contracts that could be of interest to foreign spies.

Morgan Adamski, director of the NSA’s Cybersecurity Collaboration Center, said in a statement that the hacking campaign demonstrates how the agency is “delivering real-time effect to our partners and the defense of the nation.”