According to a report issued Tuesday by a private cybersecurity firm, hackers working for the Chinese government broke into the computer networks of at least six U.S. state governments over the past year.
Mandiant's report does not name the affected states or give a motive for the intrusions, which began in May and lasted until last month. However, APT41, the Chinese group suspected of being behind the hacks, is notorious for conducting cyber operations for both traditional espionage and financial gain.
“While the ongoing situation in Ukraine has deservedly captivated the world’s attention, we must remember that other key threat actors throughout the world are continuing their activities as-is,” said Geoff Ackerman, a principal threat analyst with Mandiant Inc. in Reston, Virginia.
"We cannot let other cyber activities go by the wayside," he said in his statement, "particularly given our findings that this campaign from APT41, one of the most prolific threat actors globally, continues to this day."
Despite the Biden administration’s announcement of extra efforts to protect federal government networks from hacking, state entities remain easy targets for hackers. This is an especially pressing worry in light of the enormous SolarWinds espionage effort, in which Russian intelligence operatives exploited supply chain flaws to sneak into the networks of at least nine US agencies and scores of private-sector firms.
According to the report, the hackers took advantage of a previously unknown vulnerability in a commercial off-the-shelf application used by 18 states for animal health management. They also exploited the vulnerability in the Log4j logging software that was disclosed in December and is thought to be present in hundreds of millions of devices, according to US officials. Within hours of the public advisory disclosing that vulnerability, the hackers began exploiting it, using it to re-compromise two state government networks.
In a statement, Rufus Brown, a senior threat analyst at Mandiant, said that the hackers’ “persistent attempts to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, show that whatever they are after is important.” “We’ve discovered them all around, which is unsettling.”
The breach is linked to APT41, which was named in a Justice Department indictment in 2020 accusing Chinese hackers of targeting over 100 corporations and institutions in the United States and overseas, including social media and video game firms, colleges, and telecommunications providers.
“Despite all of the new, some things stay the same: APT41 continues to be undaunted by the US Department of Justice (DOJ) indictment in September 2020,” according to the study.
In the past, the Chinese government has dismissed US charges of hacking.
Google has agreed to buy Mandiant for $5.4 billion, the firms said on Tuesday.