UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.
The order says state and local governments should “own” addressing risks like cyberattacks. It’s a mismatch when a small town goes up against China, experts countered.
The sanctions place the companies under a strict licensing regime meant to limit their access to foundational technology for quantum computing, cloud and AI.
WASHINGTON, DC – MARCH 31: Brendan Carr, Commissioner at the Federal Communications Commission (FCC) testifies during a House Energy and Commerce Committee Subcommittee hearing on March 31, 2022 in Washington, DC. The subcommittee held a hearing on oversight of the FCC. (Photo by Kevin Dietsch/Getty Images)
Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.
A flurry of unsealed indictments reveal China’s alleged well-coordinated effort to use a hacker-for-hire ecosystem to conduct espionage while obscuring the government’s direct involvement.
CrowdStrike observed significant growth in China’s offensive cyber capabilities last year as more groups used sector-specific skills to target critical industries and technologies.