Hackers Connected To China Steal Data From Six States As US Is Distracted By Russia
As the U.S. intelligence community focuses on protecting computer networks from Russian cyberattacks, hackers from China broke into systems operated by six states.
On Tuesday, cybersecurity firm Mandiant revealed that Chinese hackers penetrated these networks and made off with sensitive information that included phone numbers, names and other personal data belonging to employees. Mandiant did not identify the affected states but assessed that the breaches were the work of a hacker group tied to China’s civilian intelligence agency.
Known as Advanced Persistent Threat 41, or APT41, the group made use of "new attack vectors" to compromise and then re-compromise the targeted networks as they made off with the desired data. To do this, they made use of a previously unknown vulnerability in USAHERDS, an animal health tracking database used by agricultural agencies.
Rufus Brown, a senior threat analyst at Mandiant, told The Verge that the extent of the breach may not be known and that there could be as many as 18 states that were compromised.
“We know that there are 18 states using USAHERDS, so we assess that this is likely a broader campaign than the six states where we have confirmation,” Brown warned.
APT41 also exploited previously known vulnerabilities, including the Log4j software flaw flagged by the Department of Homeland Security (DHS) last year as a major threat. According to Mandiant, APT41’s hackers began making use of the vulnerability within hours of it being revealed by the U.S. government. Using the Log4j flaw, they managed to penetrate two state networks.
In September 2019, hackers from APT41 were identified by the U.S. Department of Justice as responsible for a global campaign of computer intrusions that included a number of networks belonging to U.S. companies. A year later, five Chinese nationals allegedly associated with the group were added to the FBI’s Most Wanted List.
News of the hacking campaign comes as the U.S. government has been training its focus on preparing for cyberattacks coming from Russia since its invasion of Ukraine on Feb. 24. The FBI and DHS have leaned in on warning states and companies alike to be on guard and do more to patch their vulnerabilities lest they fall victim to a breach.
Yet for all the attention paid to Russian hackers, the U.S. intelligence community recently named China as the most serious threat in cyberspace.
“We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. government and private sector networks,” read a section of the U.S. intelligence community’s Annual Worldwide Threat Assessment that was released on Tuesday.