Chinese state-linked hackers target at least six US state governments
From a small, dingy office tucked away in an industrial city in southern China, the Red Hacker Alliance — one of China’s most well-known patriotic “hacktivist” groups — maintain battle in the country’s nationalistic online war. (Photo by NICOLAS ASFOURI / AFP)
At least six US states have been targeted by hackers with tenuous links to the Chinese government and espionage interests, and who successfully exploited vulnerabilities in web programs, cybersecurity company Mandiant said in a report.
Hackers associated with the notorious Chinese group APT41 have been targeting US states in a tenacious and adaptive campaign, according to cloud security firm Mandiant (who are regarded as so good at their cyber threat intelligence and response specialization that Google and Microsoft just had a bidding war over the firm, with Google emerging on top with a US$5.4 billion buyout offer).
From May 2021 to February 2022, the group compromised at least six state government networks by exploiting vulnerabilities in internet-facing programs including an animal health reporting app, the report said. Victims and data targeted by hackers were “consistent with an espionage operation,” Mandiant pointed out, but did not rule out that the motive could have been money given the group’s “history of moonlighting for personal financial gain.”
According to Mandiant, APT41 quickly adapted attacks to take advantage of new computer vulnerabilities that were made public. For example, within hours of Apache Foundation announcing a critical flaw, the hackers began taking advantage of it and compromised at least two US state governments “as well as their more traditional targets in the insurance and telecommunications industries,” the Mandiant report said.
Mandiant said in its hundreds of investigations, like in 2013 when hundreds of attacks were traced to this Shanghai building, showed that groups hacking into US newspapers, government agencies, and companies “are based primarily in China and that the Chinese government is aware of them.” (Photo by PETER PARKS / AFP)
Mandiant researchers described APT41 as highly resourceful. “APT41’s recent activity against US state governments consists of significant new capabilities,” the researchers highlighted.
Beijing, for its part, said in official channels that it “firmly opposes any form of hacking attacks and cracks down on them in accordance with the law.” Foreign ministry spokesman Zhao Lijian told a regular briefing that authorities would not “encourage, support or condone” such acts, while further charging that the US has been spreading false information about China.
The global hacking collective has been accused by US authorities of targeting company servers for ransom, compromising government networks, and spying on Hong Kong activists. Seven members of the group — including five Chinese nationals — were charged by the US Department of Justice in late 2020 with being involved in hacking more than 100 companies around the world.
Targets included computer hardware manufacturers, telecommunications providers, social media firms, video game companies, non-profit organizations, universities, think tanks, foreign governments and pro-democracy politicians, according to Justice officials.
“We assess that China presents the broadest, most active, and persistent cyber espionage threat to US government and private sector networks,” said a threat assessment report released this week by the office of the US director of national intelligence.
Google announced Tuesday a deal to acquire Mandiant for about $5.4 billion, one of the tech giant’s biggest purchases ever as it works to bolster its cloud computing offer. Mandiant, which helps customers prepare for or deal with cyberattacks, is expected to join Google Cloud this year, if the acquisition is approved by regulators.
© Agence France-Presse
6 March 2024