According to cybersecurity firm Mandiant, Chinese-backed hackers have compromised at least six US state government networks and stolen personally identifiable information.
The purpose of compromising the state networks is unclear. Mandiant said APT41 carried out the hacking campaign by exploiting USAHerds, an animal health emergency reporting diagnostic system, and the open-source logging library Apache Log4j.
The cybersecurity firm declined to disclose which six states were affected by the attacks it observed between May 2021 and February 2022.
Mandiant principal threat analyst Van Ta said that USAHerds-specific data was not the target and that the vulnerability in USAHerds was used by hackers to gain a foothold in other digital media.
“After establishing an entryway, we observed that APT41 returned to other parts of the network,” Mr. Ta said in a statement. “While we cannot reveal what they are specifically after, state governments are monitoring a wealth of data on threat actors seeking personal financial gain as well as components that could be valuable targets for espionage threat actors; we have seen APT41 conduct operations for both purposes in the past.”
Mandiant said it saw no evidence that APT41 had carried out a devastating or disruptive attack alongside breaches of government networks, and the firm considered it consistent with the hacking group’s previous actions.
APT41 is a cyberespionage operator aligned with China’s economic development plans, according to Mandiant’s 2019 analysis of the advanced persistent threat group.
Hackers have historically targeted organizations in the healthcare, hi-tech, and telecommunications industries.
“APT41 operations for higher education, travel services, and news/media companies provide some indication that the group is also tracking and spying on individuals,” Mandiant’s 2019 analysis says. “For example, the group has repeatedly targeted call log information at telecom companies. In another example, APT41 targeted a hotel’s reservation systems before Chinese officials staying there, suggesting that the group was tasked with exploring the property for security reasons.”
In addition to the government network breaches first observed last year, Mandiant said APT41 used the Log4j vulnerability to hit targets in the insurance and telecommunications industries.
The many potential victims of attacks exploiting the Log4j vulnerability have raised alarm within the Biden administration. The federal government commissioned the Cybersecurity Review Board, which was set up last year, to investigate the Log4j hack.
The cyber board is modeled after the National Transportation Safety Board, which studies accidents in the transportation sector and makes recommendations on how the government and private sector should respond.
