China hacked at least six state governments in the U.S. in the past year, Mandiant, a private security firm, said in a report Tuesday.
The hacking group, APT41, is believed to have worked with China to hack the six state governments, exploiting unknown vulnerabilities in the governments’ systems, The Associated Press reported.
One vulnerability that was present in 18 states' animal health management agencies was an unknown flawed commercial web application.
Another unknown weakness was a software flaw, called Log4j, that the hackers used to get into government websites several times, according to the AP,
Rufus Brown, a senior threat analyst at the firm, said the hackers’ “persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, (shows) that whatever they are after it is important,”
Geoff Ackerman, a principal threat analyst at Mandiant, warned not to lose site of cyber concerns from other countries while attention is on Russia, the AP noted.
“While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber threats are real, we must remember that other major threat actors around the world are continuing their operations as-usual,” he said. “We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day.”
