A report released on March 8 by cybersecurity company Mandiant stated this allegation, adding that the hacking operations commenced in May 2021. While the Reston, Virginia-based company's report did not provide a motive for the hacking, it named Chinese hacking group APT41 as the one responsible. Known for hacking for financial gain and espionage, APT41 instigated the intrusions at the behest of Beijing, the report added.
APT41 hackers took advantage of a previously unknown vulnerability in a commercial web application used by 18 states for animal health management. They also exploited the LOG4j software flaw first discovered in December to illegally access state government data. First discovered in December 2021, U.S. officials claimed LOG4j could be present on hundreds of millions of devices.
Hours after LOG4j was announced, the APT41 hackers began exploiting it. Two U.S. state governments earlier victimized by the hackers were breached once more in late February.
Mandiant senior threat analyst Rufus Brown noted that the bad actors' "persistence to gain access into government networks – exemplified by re-compromising previous victims and targeting multiple agencies within the same state – [shows] that whatever they are after is important." He added: "We have found them everywhere, and that is unnerving." (Related: China hacking and penetration of critical U.S. infrastructure systems worse than previously thought.)
Mandiant principal threat analyst Geoff Ackerman concurred with his colleague's observations. He said in a separate statement: "We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41 – one of the most prolific threat actors around – continues to this day."
The March 8 report by Mandiant mentioned earlier action by U.S. authorities to bring the hacking group to justice. "Through all the new, some things remain unchanged. APT41 continues to be undeterred by the Department of Justice (DOJ) indictment in September 2020," it stated.
A DOJ press release dated Sept. 16, 2020 elaborated on this indictment. According to the statement, a federal grand jury indicted five Chinese nationals for hacking more than 100 companies in the U.S. and abroad. The same jury indicted an additional two Malaysian businessmen who aided two of the hackers in their criminal activities.
With the assistance of the country's authorities, the two co-conspirators were arrested in the town of Sitiawan in the Malaysian state of Perak on Sept. 14, 2020. The indictment for the two Malaysians alleged that they collaborated with the cybercriminals "to profit from the hackers' criminal computer intrusions at video game companies."
The five mainland Chinese hackers remained at large. One of the five culprits even boasted his connections to the Chinese Ministry of State Security to a colleague – putting forward the possibility of Beijing's involvement in the scheme.
Former U.S. Deputy Attorney General Jeffrey A. Rosen said: The [DOJ] has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens. Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals – so long as they attack computers outside [the country] and steal intellectual property helpful to China."
Wang Wenbin, spokesman for the Chinese Ministry of Foreign Affairs, decried the allegations. He reiterated that Beijing is "a staunch defender of cybersecurity and has always resolutely opposed cyberattacks."
"It is regrettable that the U.S. has stigmatized the issue of cybersecurity as a tool for political manipulation and the dissemination of false information," Wang said in a statement.
Watch former President Donald Trump commenting on China's hacking attempts to steal information about Wuhan coronavirus vaccines.
This video is from the NewsClips channel on Brighteon.com.
Glitch.news has more stories about cybersecurity breaches organized by hacking groups.