According to a report released Tuesday by a private cybersecurity firm, hackers working for the Chinese government broke into the computer networks of at least six state governments in the United States last year. The Washington Examiner reports, Mandiant, a well-known American cybersecurity company, discovered the attacks, which exploited vulnerable web applications from last May and continued through February.
Although the Mandiant report does not identify the compromised states or the reasons for the attacks, it does blame the notorious Chinese hacking group, APT41 for the breach. The group is known to conduct espionage for financial gain. The report revealed that the suspects hacked a commercial software utilized by 18 states in animal health management. The hacks took place in December within hours of an announcement of a bug in the open-source logging code.
Geoff Ackerman, a threat analyst with Mandiant, said, “While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber threats are real, we must remember that other major threat actors around the world are continuing their operations as usual.” He continued, “We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day.”
Additionally, Ackerman noted that “APT 41 continues to pose a significant threat to public and private organizations alike around the world. We have found them everywhere, and that is unnerving.”
APT41, which U.S. officials have linked to Beijing’s Ministry of State Security, was also named in a 2020 Justice Department indictment that accused Chinese hackers of attacking more than 100 organizations across the United States and other nations. However, the Chinese government has rejected all claims that it has been involved in cyberattacks.
While cyberattacks have been an issue for the last decade, it’s only since 2021 that they have become widespread after three significant assaults on the federal government’s computer systems, and meat producer JBS.