March 10, 2022: -On Tuesday, a Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments amid May 2021 and February this year, according to research published by cybersecurity firm Mandiant. The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Mandiant said.
APT41, which Mandiant claims carries out state-sponsored espionage on behalf of Beijing, took advantage of software flaws and quickly exploited security vulnerabilities made public by researchers. It said that the hackers also adapted their tools to attack via different methods.
“APT41′s recent activity against U.S. state governments consists of significant new capabilities, from a recent attack vector to post-compromise tools and techniques,” the researchers said.
“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability.”
Mandiant, the company behind research on Tuesday, is a Nasdaq-listed cybersecurity firm based in the U.S. On Tuesday, Google said it plans to acquire the company for around $5.4 billion.
Other researchers, including BlackBerry, have previously identified APT41 as “a prolific Chinese state-sponsored cyber threat group.” This is based on the company’s research in the previous year that builds on other reports on APT41 and uncovers different cyberattacks the group has carried out.
In September 2020, the U.S. Department of Justice indicted five Chinese nationals, which include some it said were part of APT41, with computer intrusions affecting more than 100 victim companies in the U.S. and abroad.
On Tuesday, Mandiant said that APT41 appeared to be “undeterred” by the indictment and its goals remain “unknown.”
“Overall goals of APT41′s campaign remain unknown. Their persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, show that whatsoever they are after is important. We have found them everywhere, and that is unnerving,” the researchers said.
In the previous month, FBI Director Christopher Wray accused the Chinese government of “trying to steal” information and technology and launching cyberattacks.
In the previous year, the U.S., European Union, NATO, and other allies blamed China for the massive cyberattack on Microsoft Exchange email servers.
