Cybersecurity firm accuses Chinese hackers of penetrating at least 6 US state government computer networks

Get the latest BPR news delivered free to your inbox daily. SIGN UP HERE

A cybersecurity firm named Mandiant reported on Tuesday that a Chinese state-sponsored hacker group known as APT41 has infiltrated and compromised at least six unnamed states’ networks between May 2021 and February 2022, exploiting vulnerabilities in web applications.

CNBC is reporting that Mandiant concluded that the Chinese hackers conducted state-sponsored espionage, noting, “APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques.”

“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability,” the Mandiant report contends. The process is called “deserialization.”

“APT41 has primarily used malicious ViewStates to trigger code execution against targeted web applications. Within the ASP.NET framework, ViewState is a method for storing the application’s page and control values in HTTP requests to and from the server. The ViewState is sent to the server with each HTTP request as a Base64 encoded string in a hidden form field. The web server decodes the string and applies additional transformations to the string so that it can be unpacked into data structures the server can use. This process is known as deserialization,” the report noted.

The wide range of state agencies targeted included “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) charged in a private advisory to state governments that was obtained by CNN.

“While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber threats are real, we must remember that other major threat actors around the world are continuing their operations as usual,” Geoff Ackerman, who is a principal threat analyst at Mandiant, said in a statement.

“We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day,” he warned.

BlackBerry has also identified APT41 as “a prolific Chinese state-sponsored cyber threat group” and U.S. officials have previously tied it to Beijing’s Ministry of State Security.

Back in the fall of 2020, members of APT41 were among five Chinese nationals indicted by the Department of Justice for hacking that affected more than 100 private companies in the United States and abroad. Mandiant commented that APT41 appeared “undeterred” by the indictment and the goals of the group remain “unknown.”

“Overall goals of APT41’s campaign remain unknown. Their persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, show that whatever they are after it is important. We have found them everywhere, and that is unnerving,” Mandiant researchers stated.

FBI Director Christopher Wray accused the Chinese in February of “trying to steal” information and technology. He included the Chinese Communist Party in his accusation for launching cyberattacks against Western corporations.

The Chinese hackers have been persistent and very busy with no one really being willing to do anything substantive about it. In 2021, the US, European Union, NATO, and other allied leaders pointed fingers at the Chinese government for directing and sponsoring a massive cyberattack on Microsoft Exchange email servers.

Zhao Lijin, who is a spokesperson for China’s foreign ministry, denied that China was involved in the cyberattack targeting Microsoft Exchange, according to TheBlaze.

“China firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks,” he claimed.

China is reportedly on track to become a global cyber superpower. There have been a string of breaches allegedly attributed to Chinese state-sponsored hackers.

Chinese hackers are widely suspected of having orchestrated the long-running cyberattack that was announced in February which targeted News Corp., publisher of the Wall Street Journal and the New York Post.

“We assess that China presents the broadest, most active, and persistent cyber-espionage threat to US Government and private sector networks,” US intelligence agencies remarked in their annual assessment of global threats that was released on Tuesday.

Many Americans are not surprised in the least that the Chinese are doing this or at the government’s reaction to it:


Please help us! If you are fed up with letting radical big tech execs, phony fact-checkers, tyrannical liberals and a lying mainstream media have unprecedented power over your news please consider making a donation to BPR to help us fight them. Now is the time. Truth has never been more critical!

Success! Thank you for donating. Please share BPR content to help combat the lies.


We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the ∨ icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.

PLEASE JOIN OUR NEW COMMENT SYSTEM! We love hearing from our readers and invite you to join us for feedback and great conversation. If you've commented with us before, we'll need you to re-input your email address for this. The public will not see it and we do not share it.

Latest Articles