Hackers working for the Chinese government entered the computer networks of at least six US state governments last year, according to a report released by a private cybersecurity firm on Tuesday.
Mandiant’s report did not identify the compromised states or suggest a purpose for the intrusion, which began last May. The Chinese group, however, believes the group responsible for the breach, APT41, is known for launching hacking operations both for the purpose of spying in the old days and for financial gain.
“While the ongoing crisis in Ukraine has caught the attention of the world and the potential for Russian cyber threats is real, we need to keep in mind that other major threat actors around the world are continuing their activities as usual,” said Geoff Ackerman, the main threat. Restton, Virginia-based Mandiant analyst.
He added in his statement: “We cannot allow other cyber activity to get in the way, especially based on our observations that this APT41 campaign, one of the biggest threat actors around, continues today.”
State agencies remain a viable target for hackers, and even the Biden administration has announced additional measures to protect the federal government system from hacking. This is a matter of particular concern in light of the widespread propaganda of Solarwinds espionage, where Russian intelligence has exploited the weaknesses of the supply chain to gain access to the networks of at least nine US agencies and dozens of private-sector companies.
In this case, the report said, hackers exploited previously unknown vulnerabilities in an off-the-shelf commercial web application used by 18 states for animal health management.
In addition, they exploited a software flaw known as Log4j, which was discovered in December, and U.S. officials said it may have been present on millions of devices. The report says hackers began exploiting vulnerabilities within hours of a tip that made it public, and late last month they reconciled victims of two previous U.S. state governments.
Examples of hackers “persevering in gaining access to government networks, reconciling previous victims and targeting multiple agencies within the same state, (showing) that they are important no matter what,” Rufus Brown, a senior threat analyst at Mandiant, said in a statement. “We’ve found them everywhere, and it’s annoying.”
The same hacking group, APT41, was involved in a 2020 lawsuit accusing Chinese hackers of targeting more than 100 companies and organizations in the United States and abroad, including social media and video game companies, universities and telecommunications providers.
“Through all the new ones, some things remain unchanged: APT41 continues to be the subject of complaints by the U.S. Department of Justice (DOJ) in September 2020,” the Mandiant report said.
The Chinese government has in the past described itself as a staunch defender of cybersecurity and dismissed US allegations of hacking as “baseless” speculation.
The companies announced on Tuesday that Mandiant was being acquired by Google in a deal worth $ 5.4 billion (approximately Rs 41497.65 crore).
Thomson Reuters 2022