China's government tied to new hack attacks on U.S. government and businesses

⚠️ Federal civilian agencies running Pulse Connect Secure products are required to take immediate action. We encourage all organizations to follow similar steps. Read Emergency Directive 21-03: https://t.co/8TlOwi3zHn pic.twitter.com/nZOJF9bswi

— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 21, 2021

• Charles Carmakal, a senior vice president of Mandiant, told NBC News Wednesday, "We're starting to see a resurgence of espionage activity from the Chinese government."

Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency said in a statement Tuesday that the breach was "affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations."

Zoom in: Carmakal said in an emailed statement that Mandiant "recently responded to multiple security incidents involving the exploitation of Pulse Secure VPN appliances," which is used by businesses for remote work.

• The breach affected "dozens of organizations including government agencies, financial entities, and defense companies" in the U.S. and Europe, he said.
• "We suspect these intrusions align with data and intelligence collection objectives by China," Carmakal added.
• Per Carmakal, the hackers bypassed the multifactor authentication on Pulse Secure devices to access the as-yet unnamed victims' networks, accessing these sites "for several months without being detected."

Of note: President Biden took office a month after cybersecurity firm SolarWinds announced it was hacked in December, in a breach that was later discovered to be part of a massive cyberattack by suspected Russian hackers on multiple government agencies and U.S. firms.

• In response, the Biden administration imposed sweeping sanctions targeting the Russian economy earlier this month.
• Homeland Security Secretary Alejandro Mayorkas announced earlier this month a program designed to counter online attacks.