(San Francisco) At least six US states were targeted by a computer attack by Chinese hackers who exploited vulnerabilities in web programs, researchers from the cybersecurity company Mandiant said on Tuesday.
Posted at 10:39 p.m.
Those responsible for this hack are part of the Chinese group Advanced Persistent Threat 41 (APT41), several of whose members were indicted in September 2020 in the United States for attacking companies or spying on governments and opponents.
“Our research into APT 41 activities between May 2021 and February 2022 uncovered evidence of a deliberate campaign to target US state governments,” the Mandiant researchers write.
During this period, APT41 successfully compromised the networks of at least six US state governments through the exploitation of vulnerable internet applications.
One of the flaws mentioned by Mandiant is the one in Log4j, a small module from the Apache Foundation used in many software products for “logging” functions, that is to say, the handling of “logs” (records of events occurring on the system).
Discovered last December, the vulnerability has caused panic on the global internet, as it theoretically allows hackers to easily take control of the machine hosting Log4j, then deploy ransomware or spying malware on it.
Mandiant, which Google said Tuesday it wanted to buy for $5.4 billion, did not say which US states were targeted by the cyberattack.
The company, however, said that in two cases, the hack affected several government agencies in the same state, using a common network.
Agencies have also been compromised on various occasions, adds Mandiant, which describes the hackers as “adaptable and resourceful”.
The researchers note that APT 41 is a “Chinese state-backed espionage group known to target public and private sector organizations and conduct financially motivated activities for personal gain.”
China is considered by Washington as the main threat to its cybersecurity.
In an annual report released on Tuesday, the Office of the National Intelligence Director says that “China presents the most active and persistent cyber espionage risk to U.S. government and private sector networks.”
The Chinese authorities have always denied their involvement in computer attacks that have targeted American companies or government agencies.