The United States is vulnerable to Chinese hacking

A Chinese state-backed hacking group has penetrated six US state government computer systems, according to a new threat report from the cybersecurity firm Mandiant.

The group, which Mandiant called APT41, targeted the US government between May 2021 and February 2022.

In the compromised networks, Mandiant found evidence of personal information theft consistent with espionage, although the company said it was unable to make a final assessment of intent at this time.

Mandiant has a history of detecting serious cybersecurity threats, including state-sponsored attacks such as the SolarWinds compromise of major US government agencies by hackers believed to be backed by the Russian government.

The company was recently acquired by Google; the deal was announced alongside the release of the report.

According to Mandiant's research, the APT41 group penetrated government networks by exploiting vulnerabilities in applications built on the Microsoft .NET development platform, including a previously unknown vulnerability in the USAHERDS animal health database.

The USAHERDS program was originally developed for the Pennsylvania Department of Agriculture. It is described as a model system for improving the traceability of animal diseases.

APT41 targets the US government

Other states subsequently adopted the USAHERDS program. However, inspection of the code showed that the encryption key that authorizes certain operations in the application was the same across every USAHERDS installation. Compromising a single instance would therefore let attackers run their own code on any system running the program.

Mandiant said the full extent of the impact could include more targets than the six currently known: "We say at least six states because more states may be affected. We know 18 states use USAHERDS. As such, we think this is likely broader than the six states we've identified."

In addition to attacking .NET-based applications, APT41 exploited the Log4Shell vulnerability. According to Mandiant's analysis, APT41 began launching Log4j attacks within hours of the vulnerability's details being made public.

The vulnerability was used to install a backdoor on Linux systems, giving the group a way to regain access later.

APT stands for advanced persistent threat: a group deployed directly by a national government or an elite hacking group operating under the auspices of a state.

APT41's activities are detailed in a report by the cybersecurity firm FireEye. The company calls it the Double Dragon hacking group because it engages in both espionage and financially motivated cybercrime.

The group's actions attracted the attention of the US authorities. The Department of Justice indicted five members of APT41 in 2019 and 2020, which led to them being placed on the FBI's Cyber Most Wanted list.
