According to a study issued Tuesday by a private cybersecurity company, hackers operating on behalf of the Chinese government gained access to the computer networks of at least six state governments in the United States in the previous year.
The Mandiant report does not name the state governments that were infiltrated or provide a reason for the incursions, which started in May of last year. However, the Chinese hacker organisation APT41, which is suspected of being behind the hacks, is well known for conducting cyber operations for both traditional espionage and financial gain.
We must remember that while the ongoing crisis in Ukraine has rightly drawn attention worldwide and the threat of Russian cyber attacks is real, other major threat actors around the world are continuing their operations as usual, according to Geoff Ackerman, a principal threat analyst at Reston, Virginia-based Mandiant Inc.
“We cannot let other cyber activities go by the wayside, particularly given our findings that this campaign from APT41, one of the most prolific threat actors on the planet, continues to this day,” he said in his statement.
Although the Biden administration has announced more measures to protect federal government networks from hacking, state entities continue to be attractive targets for hackers. As a result of the major SolarWinds espionage effort, in which Russian intelligence agents exploited supply chain weaknesses to sneak into the networks of at least nine U.S. government agencies and scores of private-sector organisations, this is a particularly pressing worry.
Specifically, the investigation alleges that the hackers took advantage of a previously undiscovered weakness in a commercial online programme that was being utilised by 18 states for animal health monitoring at the time of the attack.
Aside from that, they made use of a software hole known as Log4j, which was found in December and which U.S. authorities said was present in hundreds of millions of devices. According to the study, the hackers started exploiting the weakness within hours of an alert announcing it to the public, and by late last month, they had re-compromised two earlier U.S. state government victims.
An indictment by the Justice Department in 2020 named the same hacking organisation, APT41, and accused Chinese hackers of targeting more than 100 businesses and institutions in the United States and internationally, including social media and video game firms, colleges, and telecommunications providers.
“Despite all of the changes, certain things stay the same: APT41 remains unfazed by the impending indictment by the United States Department of Justice (DOJ) in September 2020,” according to the Mandiant report.
In the past, the Chinese government has positioned itself as a committed protector of cybersecurity and has rejected claims of hacking by the United States as “groundless” conjecture.