Posted on March 10, 2022 at 7:06 AM
A recent report by cybersecurity firm Mandiant noted that hackers with links to China’s Ministry of State Security have been seen infiltrating government networks across the United States.
According to the report, the hacking syndicate, known as APT41, started targeting at least six state governments last spring and was still active up until the end of February. “This is a pretty unique switch,” Rufus Brown, a senior threat analyst at Mandiant, stated.
While there are six confirmed states affected, there could be more states impacted that have not been confirmed yet, the researchers stated.
In line with the discovery, US Deputy Attorney General Jeffrey Rosen stated that there was a computer hacking incident by the APT41 gang, which has ties to the Chinese government. However, he did not mention which states were affected by the attack.
A Batch Of Personal Identifying Information Was Stolen
It is not clear how much information the hacking syndicate has succeeded in siphoning from the various state agencies. However, the threat actors moved swiftly from one department to another, and in one instance, stole a batch of personal identifying information, according to Brown.
In addition, the report noted that the threat actors launched attacks on a Microsoft-based agriculture database but were unsuccessful. The database, known as USAHerds, is used by 18 states for the documentation of livestock health. The National Agribusiness Technology Centre is responsible for running USAHerds. When approached on the matter, the organization declined to comment.
And after the “log4j” vulnerability was exposed last year, the threat actors started using the flaw to target more U.S. agencies.
Brown said stopping this group of threat actors is not easy, and the only feasible solution is to arrest the individuals. Even this method, according to the researcher, may not help for long, because other people may be brought into the group to continue where their predecessors stopped.
U.S. Federal Government Wary Of Chinese Intentions
The cyberattacks come at a time when top Chinese leaders are talking about maintaining close ties with individual states. The call is an attempt to provide a counterbalance to Beijing’s worsening relationship with the American government. In 2020, Chinese leader Jinping stressed the need for his country to work with “American states, local councils, and businesses.”
In response, some state governors have made their desire to maintain strong ties with China known. Both countries share very important trade relations, which have been threatened by geopolitical tensions in recent times. However, their counterparts in Washington are still criticizing Beijing.
Mike Pompeo, secretary of state during former president Donald Trump’s administration, warned states to be wary of Chinese relations and investment in their states. At the time, he said the competition with China is not only a federal issue but extends to state governments as well.
The Justice Department stated that one of the defendants boasted that he was under the protection of the Chinese Ministry of State Security, the country’s intelligence agency.
In the latest development, Brown noted that the investigation revealed that the attack was carried out by the APT41 group. This means that the arrest made by the U.S. government didn’t stop the group from recruiting more people to continue its attacks on U.S. agencies.
On Tuesday, Google’s parent company Alphabet announced that it has concluded plans to buy Virginia-based Mandiant for $5.4 billion. The tech giant hopes to broaden the company’s operations in the cybersecurity space once the deal is done.
China Keeps Denying Involvement
The U.S. government and state agencies have blamed the Chinese government for the incessant attacks of the APT41 hacking syndicate on U.S. soil. They claimed that a series of investigations has revealed that the group is sponsored by the Chinese intelligence unit. However, the Chinese government has continued to deny the claims, saying the accusations have no basis.
On Saturday, Chinese Premier Li Keqiang called for the strengthening of data security, cybersecurity, and personal information protection in China. He was speaking during the opening ceremony of the National People’s Congress. However, he didn’t mention anything relating to the recent hacking report by Mandiant but said China will stand against accusations of cybersecurity threats and other related issues.
China has been accused in the past of hacking news organizations, military contractors, and US federal government personnel files.