Reports released over the years have repeatedly placed some of the world’s best-known hackers and hacking groups in China. Now a new threat analysis from cybersecurity firm Mandiant has revealed that a highly capable hacking group backed by the Chinese government has compromised the computer systems of at least six US state governments.
According to the threat analysis by Mandiant, which previously uncovered state-sponsored attacks like the SolarWinds hack mounted against major US government agencies, the group known as ‘APT41’ targeted state governments in the United States between May 2021 and February 2022.
Mandiant found evidence that personally identifiable information had been exfiltrated from the breached networks, activity it described as consistent with an “espionage operation”.
But the company said it could not make a conclusive assessment of the group’s purpose at this time. Overall, the analysis, published on March 8, paints a picture of a formidable and constantly evolving adversary.
The report states: “APT41’s recent activity against US state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques.”
“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalising a fresh vulnerability,” the report added.
According to the analysis, the group is also willing to retool and deploy its capabilities through “new attack vectors” rather than holding them back for future use.
The report also found that APT41 broke into government networks by exploiting weaknesses in applications built on Microsoft’s .NET platform, including a previously unknown (zero-day) vulnerability in USAHERDS, a .NET web application that US states use for animal health reporting.
America’s Cybersecurity and Infrastructure Security Agency (CISA) officially warned on December 10 that Log4j, a widely used Java logging library found in software from many of the world’s top tech companies, had a vulnerability that hackers could easily exploit to gain access to, and move further into, computer systems.
According to US officials, the vulnerable software was installed on hundreds of millions of devices around the world. US officials spent weeks urging companies to update their software, and in January this year the White House hosted a meeting with tech CEOs to address the underlying problem of software that is not secure by design.
Yet according to Mandiant, the Chinese hackers began using the Log4j flaw to break into two US state agencies within hours of the CISA advisory.
Modus Operandi
APT41’s activities were first detailed in depth in a report by cybersecurity firm FireEye (since renamed Mandiant), which dubbed the group ‘Double Dragon’ because of its dual focus on espionage and financially motivated cybercrime.
Among other things, the FireEye report documents a history of supply chain attacks against software developers dating back to 2014; in some documented cases, APT41 managed to inject malicious code into video game files that legitimate game distributors then shipped to users.
The group’s operations eventually drew the attention of US authorities, and in 2019 and 2020 the Department of Justice filed charges against five members of APT41, placing them on the FBI’s cyber most wanted list.
While APT41 has been linked to both financial crime and espionage, Mandiant researchers believe that the latter is the purpose in this recent case.
The latest report shows how hard it is to keep state-sponsored hackers out of US networks, even when US officials are actively warning of the threat. It is also a reminder that, while much attention is focused on Russian cyber threats during the Ukraine conflict, other state-backed hackers continue their malicious work.
Recently, the intelligence agencies in the US said in their annual assessment of global threats, “We assess that China presents the broadest, most active, and persistent cyber-espionage threat to the US government and private sector networks.”
It is understood that the list of government agencies affected may grow as the investigation proceeds.