Organizations in Defense, Health Care and other Sensitive Areas Breached by Attackers
According to exclusive information shared with CNN, security firm Palo Alto Networks confirmed that suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors.
With the help of the National Security Agency (NSA), cybersecurity researchers are exposing these unidentified hackers' efforts to steal important data from U.S. defense contractors and other sensitive targets.
This kind of breach is what the U.S. government is trying to expose before it does too much damage. The goal of going public with this information is to warn other corporations that might be targeted, and to burn the hackers’ tools in the process.
Officials from both the NSA and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA that is responsible for mitigating foreign cyber threats to the U.S. defense industrial base contributed information to Palo Alto Networks.
According to Ryan Olson, a senior executive at Palo Alto Networks, the hackers have stolen passwords from the targeted organizations in an effort to maintain long-term access to their networks.
Olson also said that the nine confirmed victims are just the “tip of the spear” of this current spying campaign. He expects that many more victims will emerge. Although responsibility for the activity has not yet been attributed to a specific group, Palo Alto Networks noted that some of the tools and tactics used in this campaign are similar to those used by a Chinese hacking group. Both the NSA and CISA have declined to comment on the identity of the hackers.
U.S. defense contractors are a common target for foreign hackers because of their abundance of national security-related secrets.
Any organization associated with the Pentagon could have data in its emails about defense contracts that could be of interest to foreign spies, said Olson.
“In aggregate, access to that information can be really valuable,” Olson said. “Even if it’s not classified information, even if it’s just information about how the business is doing.”
Palo Alto Networks has revealed that the attackers are exploiting vulnerabilities in software that the affected corporations use to manage their network passwords. In September, CISA and the FBI warned the public about the hackers exploiting these flaws and asked organizations to update their systems. Days later, the attackers scanned 370 computer servers running the software in the U.S. alone, and then began exploiting the software, according to Palo Alto Networks.
Olson urged organizations that use the Zoho software to update their systems and search for evidence of a breach.
Federal officials told CNN that the discovery of the hackers’ activity is evidence that their close relationships with cybersecurity firms, built to stay on top of threats, are paying off.
CISA used a public-private defensive program to “understand, amplify, and drive action in response to the activity identified” in the Palo Alto Networks report, said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity.
Morgan Adamski, Director of the NSA Cybersecurity Collaboration Center, said that disclosing the hacking campaign shows how the NSA is “delivering real-time impact to our partners and the defense of the nation.”
Story via CNN