- A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments, according to research published by Mandiant.
- APT41, which Mandiant claims carries out state-sponsored espionage on behalf of China, took advantage of software flaws and quickly exploited security vulnerabilities that were made public by researchers.
- Mandiant said Tuesday that APT41 appeared to be "undeterred" by the indictment and its goals remain "unknown."
A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments between May 2021 and February this year, according to research published by cybersecurity firm Mandiant on Tuesday.
The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Mandiant said.
APT41, which Mandiant claims carries out state-sponsored espionage on behalf of Beijing, took advantage of software flaws and quickly exploited security vulnerabilities that were made public by researchers. The hackers also adapted their tools to attack via different methods, it said.
"APT41's recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques," the researchers said.
"APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability."
Mandiant, the company behind Tuesday's research, is a Nasdaq-listed cybersecurity firm based in the U.S. On Tuesday, Google said that it plans to acquire the company for around $5.4 billion.
Other researchers, including those from BlackBerry, have previously identified APT41 as "a prolific Chinese state-sponsored cyberthreat group." This is based on research the company published last year that builds on other reports on APT41 and uncovers other cyberattacks the group has carried out.
A spokesperson for the Chinese embassy in the U.K. said the country is a "staunch defender of cyber security and a main victim of cyber attacks.
"China firmly opposes and combats all forms of cyber attacks, and is firmly against any smear against China under the pretext of cyber security. This position is consistent and clear," the spokesperson said.
"We've stated on multiple occasions that given the virtual nature of cyberspace, the vast number and diversity of online actors and the difficulty in tracing, it's important to have complete and sufficient evidence when investigating and defining cyber-related incidents. When linking cyber attacks with the government of any country, one must be even more prudent."
In September 2020, the U.S. Department of Justice indicted five Chinese nationals, including some it said were part of APT41, with computer intrusions affecting over 100 victim companies in the U.S. and abroad.
Mandiant said Tuesday that APT41 appeared to be "undeterred" by the indictment and its goals remain "unknown."
"Overall goals of APT41's campaign remain unknown. Their persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, show that whatever they are after it is important. We have found them everywhere, and that is unnerving," the researchers said.
Last month, FBI Director Christopher Wray accused the Chinese government of "trying to steal" information and technology and launching cyberattacks.
Last year, the U.S., European Union, NATO and other allies blamed China for the massive cyberattack on Microsoft Exchange email servers.
Zhao Lijin, a spokesperson for China's foreign ministry, denied that China was behind the Microsoft Exchange attack.
"China firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks," Zhao said in July.