A cybersecurity firm has reported that a Chinese state-sponsored hacking group entered at least six computer networks operated by US states between May of last year and last month.
Mandiant found that the hackers were able to exploit vulnerabilities in internet applications used by the state governments to enter their data networks. The group is known as APT41 and is employed by the Chinese government. Hackers use various methods to find software flaws that allow them to bypass ordinary network security protections.
The report said that APT41’s recent hacking indicates the group has significant new capabilities, including new “attack vectors” for entering networks and tools and techniques for concealing the breach afterward. Mandiant described the process of rapidly modifying access techniques through different vectors as “deserialization.”
In addition to Mandiant, other cybersecurity firms have warned American firms and governmental entities of the dangers posed by the APT41 group. BlackBerry researchers have specifically identified the group as a “prolific Chinese state-sponsored cyber threat.”
The US Department of Justice indicted five Chinese nationals in late 2020 on various criminal charges related to the breach of more than 100 private firms' computer networks. Some of the persons indicted were part of the APT41 group. Mandiant said this week that APT41 appears to be undeterred by the indictments.
The report also said that the overall goals of APT41 are still not known. It described the group's actions as “unnerving,” as it persists in accessing government networks and repeats attacks against previous victims.
FBI Director Christopher Wray last month accused the Chinese Communist Party government of attempting to steal American technology and data. The alleged victims of the thefts included governments and private firms.
Last year, the US, EU and NATO accused the Chinese government of directing and supporting a large-scale cyberattack on Microsoft Exchange email servers worldwide. The Chinese foreign ministry denied its government’s involvement in the attacks.