Cybersecurity firm Mandiant reported on Tuesday that a Chinese state-sponsored hacker group known as APT41 infiltrated and compromised the networks of at least six unnamed states between May 2021 and February 2022, exploiting vulnerabilities in web applications.
CNBC is reporting that Mandiant concluded that the Chinese hackers conducted state-sponsored espionage, noting, “APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques.”
“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability,” the Mandiant report contends. The technique the report describes relies on a process called “deserialization.”
“APT41 has primarily used malicious ViewStates to trigger code execution against targeted web applications. Within the ASP.NET framework, ViewState is a method for storing the application’s page and control values in HTTP requests to and from the server. The ViewState is sent to the server with each HTTP request as a Base64 encoded string in a hidden form field. The web server decodes the string and applies additional transformations to the string so that it can be unpacked into data structures the server can use. This process is known as deserialization,” the report noted.
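The handling the report describes (a hidden form field carrying a Base64 string that the server decodes and unpacks) can be followed from the defender's side with a short triage script. This is an added example, not code from Mandiant or the article; the size threshold, the `txtName` field and the sample payloads are constructed assumptions.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlencode

# Serialized ViewState begins with a format marker (0xFF) and version byte (0x01).
VIEWSTATE_MAGIC = b"\xff\x01"
# Assumed triage threshold (not from the report); tune it per application.
MAX_EXPECTED_BYTES = 4096


def classify_viewstate(post_body: str) -> dict:
    """Decode the __VIEWSTATE field of a URL-encoded form body for triage."""
    values = parse_qs(post_body, keep_blank_values=True).get("__VIEWSTATE")
    if not values:
        return {"status": "absent", "size": 0, "oversized": False}
    try:
        blob = base64.b64decode(values[0], validate=True)
    except (binascii.Error, ValueError):
        return {"status": "invalid-base64", "size": 0, "oversized": False}
    # Cleartext serialized state shows the marker; anything else (for example
    # an encrypted field) is opaque without the server's keys.
    status = "serialized" if blob.startswith(VIEWSTATE_MAGIC) else "opaque"
    return {"status": status, "size": len(blob),
            "oversized": len(blob) > MAX_EXPECTED_BYTES}


def make_body(payload: bytes) -> str:
    """Build a constructed form body the way a browser would submit it."""
    return urlencode({"__VIEWSTATE": base64.b64encode(payload).decode(),
                      "txtName": "constructed"})


# Constructed sample payloads (placeholder bytes, not real page state).
SAMPLES = {
    "normal": make_body(VIEWSTATE_MAGIC + bytes(40)),
    "large": make_body(VIEWSTATE_MAGIC + bytes(5000)),
    "opaque": make_body(bytes(range(16, 80))),
    "broken": "__VIEWSTATE=%21%21not-base64%21%21&txtName=constructed",
    "missing": "txtName=constructed",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify_viewstate(body))
```

The classification only sorts requests for review; whether a given ViewState is legitimate is decided by the server's own integrity checks, not by its header or size.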
Yet we are doing business with them on a daily basis
— Clay (@Clay08202198) March 8, 2022
The wide range of state agencies targeted included “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) charged in a private advisory to state governments that was obtained by CNN.
“While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber threats are real, we must remember that other major threat actors around the world are continuing their operations as usual,” Geoff Ackerman, who is a principal threat analyst at Mandiant, said in a statement.
“We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day,” he warned.
Chinese hackers targeted 6 US states https://t.co/mWslUL3m2c
— HaberTusba (@haber_tusba) March 9, 2022
BlackBerry has also identified APT41 as “a prolific Chinese state-sponsored cyber threat group” and U.S. officials have previously tied it to Beijing’s Ministry of State Security.
Back in the fall of 2020, members of APT41 were among five Chinese nationals indicted by the Department of Justice for hacking that affected more than 100 private companies in the United States and abroad. Mandiant commented that APT41 appeared “undeterred” by the indictment and the goals of the group remain “unknown.”
“Overall goals of APT41’s campaign remain unknown. Their persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, show that whatever they are after it is important. We have found them everywhere, and that is unnerving,” Mandiant researchers stated.
FBI Director Christopher Wray accused the Chinese in February of “trying to steal” information and technology. He also accused the Chinese Communist Party of launching cyberattacks against Western corporations.
The Chinese hackers have been persistent and very busy with no one really being willing to do anything substantive about it. In 2021, the US, European Union, NATO, and other allied leaders pointed fingers at the Chinese government for directing and sponsoring a massive cyberattack on Microsoft Exchange email servers.
Zhao Lijian, who is a spokesperson for China’s foreign ministry, denied that China was involved in the cyberattack targeting Microsoft Exchange, according to TheBlaze.
“China firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks,” he claimed.
China is reportedly on track to become a global cyber superpower. There has been a string of breaches allegedly attributed to Chinese state-sponsored hackers.
Xi's successful bid to make China a 'cyber superpower': The “most advanced piece of malware” ever seen from China, Chinese hackers have exploited more 0day in the last decade than any other country, vulnerability exploitation spiked six times last year.#programming #database pic.twitter.com/vf10yCSIbp
— Brave Hacker labs (@LabsBrave) March 8, 2022
Chinese hackers are widely suspected of having orchestrated the long-running cyberattack that was announced in February which targeted News Corp., publisher of the Wall Street Journal and the New York Post.
“We assess that China presents the broadest, most active, and persistent cyber-espionage threat to US Government and private sector networks,” US intelligence agencies remarked in their annual assessment of global threats that was released on Tuesday.
Many Americans are not surprised in the least that the Chinese are doing this, or by the government’s reaction to it:
The govt will give a befitting reply by outsourcing more manufacturing jobs to China.
— SurlySage (@iwasbatman9) March 9, 2022
They want a war so badly
— Turd Ferguson TruthIsOutThere IQ 420 (@Truthhsoutthere) March 9, 2022
How can the US entertain digitizing things like currency if we’re so easily hacked???
— Right Down The Middle (@AltMiddle4EVA) March 9, 2022
I have never understood this subject. If a foreign country hacks into the DoD and steals secrets, to me that is terrorism, so an act of war. Then why do those countries that have proof of cyber terrorism don’t do anything? It just about makes the news. No biggy….
— Mark Richardson (@MarkPeanut1) March 9, 2022
They’ve been doing that for years while oppressing Hong Kong & Taiwan, creating a trade war over patents/imports/exports, releasing a deadly virus, supporting North Korea, having horrific human rights record …and now they refuse to condemn Russia. Nothing wrong there then, hey?
— RUSSELL (@GlobalPrison) March 9, 2022
is anyone surprised about that? very few if any people are
— Shelly Ann titchenel (@shelly35160) March 9, 2022
And yet this isn’t news. Maybe time to start brushing up on Mandarin?
— Debie (@Debie35359718) March 9, 2022
Probably part of the list Biden made of our most vulnerable and handed out.
— JustJen 🇺🇸❤️🇺🇸 (@jsfw66) March 9, 2022