Hackers linked to Chinese government invaded US state networks, security firm says

  • Wednesday, 09 Mar 2022

Mandiant cybersecurity firm says hacking group APT41, already an FBI target, has infiltrated at least six US states since last year. ‘It’s very persistent, very continuous, and they keep coming back for whatever they want,’ the report’s lead author says. — SCMP

Hackers linked to China’s Ministry of State Security have spent most of the last year infiltrating and moving freely through state government networks across the United States, according to a report by the cybersecurity firm Mandiant.

Released on Tuesday, the report says that the hacking group known as APT41, whose members are already sought by the FBI for allegedly working on behalf of Beijing to conduct cyberattacks, began targeting at least six state governments starting last spring, and had not let up through the end of February.

“This is a pretty unique switch,” Rufus Brown, a senior threat analyst at Mandiant and the lead author of the report, said about the attacks. “Since May 2021, we’ve seen them just continuously hammer these state governments.”

“It’s very persistent, very continuous, and they keep coming back for whatever they want,” he said. “We likely assess that there are more states affected.”

US Deputy Attorney General Jeffrey Rosen announcing charges on September 16, 2020, related to a computer intrusion campaign by the APT41 hacking group, which has ties to the Chinese government. Photo: EPA-EFE

Brown declined to disclose which states were attacked. The National Governors Association did not immediately respond to a request for comment.

It is unclear what or how much information APT41 might have stolen from the various state agencies, but the attackers jumped from department to department, and in at least one instance stole a batch of personal identifying information, Brown said.

The report said that the hackers also targeted a Microsoft-based agriculture database used by 18 states to document livestock health, known as USAHerds.

The National Agribusiness Technology Centre, the organisation that runs the USAHerds network, did not immediately respond to a request for comment.

And when a global software bug known as the “log4j vulnerability” was made public late last year – described by a top US cybersecurity official as “the most serious vulnerability I have seen in my decades-long career” – the hackers took less than two days to begin using it to target the state governments, Mandiant reported.

“Stopping them is very hard,” said Brown. “The only thing that really is going to help this is arresting the individuals.”

The cyberattacks against the state governments come as top leaders in China have spoken in recent years about maintaining close ties with individual states – a sort of counterbalance to Beijing’s deteriorating relationship with Washington.

Chinese leader Xi Jinping said in 2020 that his country should work with “American states, local councils and businesses”.

Some state governors have expressed a willingness to maintain strong business ties with China, even as their counterparts in Washington criticise Beijing.

During the administration of former president Donald Trump, then-secretary of state Mike Pompeo warned an association of US governors to be wary of Chinese influence and investment in their states.

“The competition with China is not just a federal issue,” he said at the time.

In 2020, the US Department of Justice charged five Chinese nationals and members of the group APT41 with various cybercrime offences, including identity theft, money laundering and computer violations.

The Justice Department said at the time that one of the Chinese nationals charged had boasted that he was protected by the Ministry of State Security, China’s intelligence agency.

Brown, whose firm began the investigation after it was contacted by one of the state governments about suspicious activity in its network, said that based on his investigation, he had “100%” confidence that the attacks were perpetrated by APT41.

Google’s parent company Alphabet announced on Tuesday that it was set to buy Mandiant, which is based in Virginia, for about US$5.4bil (RM22.61bil).

China has denied for years that it has facilitated cyberattacks abroad, and says that it too is a victim of hacking.

On Saturday, in Chinese Premier Li Keqiang’s annual government work report, he called for China to “strengthen cybersecurity, data security, personal information protection”, according to an official summary.

Chinese Premier Li Keqiang during the opening ceremony of the National People’s Congress at the Great Hall of the People in Beijing on Saturday. Photo: Kyodo

Liu Pengyu, the spokesman for the Chinese embassy in Washington, did not comment on the details of the Mandiant report, but said that China opposes “making groundless accusations against China on cybersecurity and other related issues”.

In the past, China has also been accused of hacking US federal government personnel files, military contractors and news organisations; Washington remains suspicious about Beijing’s commitment to cybersecurity.

Observers have also expressed alarm over a Chinese law passed last year, which orders companies that find digital vulnerabilities to inform Beijing first before notifying any global cybersecurity organisations.

Mandiant’s report came as US intelligence agencies were testifying to Congress about their annual “threat assessment” document, which called China “the broadest, most active, and persistent cyberespionage threat to US Government and private sector networks”.

“China almost certainly is capable of launching cyberattacks that would disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems,” the document said. – South China Morning Post
