WASHINGTON — In the past year, hackers working for the Chinese government hacked into the computers of at least six US state governments. According to a Tuesday report by a private cybersecurity company.
Mandiant‘s report does not identify the affected states nor give a reason for the intrusions that began in May. APT41, the Chinese group suspected of launching hacking operations, is well-known for its old-fashioned espionage and financial gains.
“While the Ukraine crisis has captured the attention of the world and the potential for Russian cyber threats have real consequences, we must not forget that other major threat actors around this world are continuing to operate as-usual,” stated Geoff Ackerman (a principal threat analyst at Reston-based Mandiant Inc.
In his statement, he added: “We cannot permit other cyber activity to be overlooked, especially considering our observations that APT41 continues to operate as one of the most prolific threat agents around.”
Even though the Biden administration announced additional measures to protect federal government systems against hacking, state agencies are still easy targets. This is especially true in light of the massive SolarWinds spying campaign, in which Russian intelligence operatives used supply chain vulnerabilities to hack into the networks at least nine U.S. government agencies and dozens private-sector businesses.
According to the report, hackers exploited an unknown vulnerability in a commercial web application that 18 states use for animal health management.
They also exploited the software flaw Log4j, which was discovered in December. Officials from the United States said that it could be present on hundreds of millions of devices. According to the report, hackers exploited the vulnerability within hours of the disclosure to the public. They also re-compromised two other victims of the U.S. state governments late last month.
Rufus Brown, a Mandiant senior threat analyst, stated in a statement that hackers “persistence to gain entry into government networks, which is exemplified through re-compromising victims and targeting multiple agencies within one state, (shows] that whatever they want it to be important.” They are everywhere and it is alarming.
APT41 was also implicated in a 2020 Justice Department Indictment . This indictment charged Chinese hackers with targeting more than 100 institutions and companies in the U.S. and overseas, including universities, social media companies, and telecommunications providers.
The Mandiant report states that “despite all the changes, some things remain the same: APT41 continues not to be deterred by U.S. Department of Justice’s (DOJ) indictment of September 2020.”
In the past, the Chinese government has been a staunch defender cybersecurity and dismissed U.S. hacking accusations as “groundless speculation”.
Google has announced that Mandiant will be acquired by Google in an acquisition valued at $5.4 billion.