At least six US states have been targeted by a computer attack by Chinese hackers who exploited vulnerabilities in web programs, researchers from the cybersecurity company Mandiant said on Tuesday.
Those responsible for this hack are part of the Chinese group Advanced Persistent Threat 41 (APT41), several of whose members were indicted in September 2020 in the United States for attacking companies or spying on governments and opponents.
Read alsoRussian cyberattacks claim their first victims in France
“
Our research into APT 41 activities between May 2021 and February 2022 uncovered evidence of a deliberate campaign to target US state governments
,” the Mandiant researchers write.
During this period, APT41
successfully compromised the networks of at least six US state governments through the exploitation of vulnerable internet applications
.
One of the flaws mentioned by Mandiant is the one included in Log4j, a small module from the Apache Foundation and used in many software for "
logging
" functions, i.e. reading "
logs
" (events occurring on the system).
Discovered last December, the vulnerability has caused panic on the global internet, as it theoretically allows hackers to easily take control of the machine hosting Log4j, then deploy ransomware or malware on it. 'spying.
spy group
Mandiant, which Google said Tuesday it wanted to buy for $5.4 billion, did not say which US states were targeted by the cyberattack.
The company, however, said that in two cases, the hack affected several government agencies in the same state, using a common network.
Agencies have also been compromised on various occasions, adds Mandiant, who describes the hackers as "
adaptable and resourceful
".
The researchers note that APT 41 is a “
Chinese state-backed espionage group known to target public and private sector organizations and conduct financially motivated activities for personal gain.
” .
Read alsoUkraine: in Europe, vigilance is increased in the face of fear of critical cyberattacks
China is considered by Washington as the main threat to its cybersecurity.
In an annual report released on Tuesday, the Office of the National Director of Intelligence says that "
China presents the most active and persistent cyber espionage risk to U.S. government and private sector networks
."
Chinese authorities have always denied their involvement in computer attacks that targeted American companies or government agencies.
