According to a private cybersecurity firm, Chinese hacking group APT41 was behind at least 6 US State Government hacking incidents last year.
According to a report by Mandiant, the Chinese hacking group working on behalf of China was responsible for the breaches and is known to launch hacking operations for espionage purposes and for financial gain. Though they did not manage to identify the compromised states or find the motive behind the intrusions.
Geoff Ackerman, a principal threat analyst at Reston, Virginia-based Mandiant Inc. said, “While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber threats are real, we must remember that other major threat actors around the world are continuing their operations as usual.”
He further added, “We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day.”
The state agencies are prime targets for hackers even after the Biden administration has announced no tolerance for such incidents. These attacks are concerning especially in the light of the massive SolarWinds espionage campaign carried out by a Russian hacking group that exploited supply chain vulnerabilities to break into the networks of at least nine U.S. agencies and dozens of private-sector companies.
In the present scenario, the hackers have exploited a previously unknown vulnerability in an off-the-shelf commercial web application used by 18 states for animal health management. Additionally, they have also exploited a software flaw known as Log4j discovered in December. According to US officials, the flaw is present in hundreds of millions of devices.
Rufus Brown, a senior threat analyst at Mandiant, said in a statement, the hackers’ “persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, (shows) that whatever they are after it is important. We have found them everywhere, and that is unnerving.”
Earlier APT41 also was involved in a 2020 Justice Department indictment that accused Chinese hackers of targeting more than 100 companies and institutions in the U.S. and abroad. This included the social media and video game companies, universities, and telecommunications providers.
According to the Mandiant report, “Through all the new, some things remain unchanged: APT41 continues to be undeterred by the U.S. Department of Justice (DOJ) indictment in September 2020.”
Though the Chinese government has denied its involvement in such activities, it maintains being a staunch defender of cybersecurity.
RagnarLocker Malware – Ragnar Ransomware Gang Goes Wild – Hits 52 critical US Orgs
Hackers Without Borders Co-Founder on NGO’s timely arrival
False Allegations of Police Spyware by Media – Roni Alsheich