Experts from Mandiant, a cybersecurity company recently acquired by Google, published a report on March 8 unveiling a Chinese cyberattack against several US states. The group blamed for the operation, APT41 (Advanced Persistent Threat 41), has a solid reputation for causing trouble. It is also suspected of being directed by Beijing.
APT41’s capabilities impress
Between May 2021 and February 2022, at least six US states were affected. The hackers exploited a 0-day flaw (i.e. one previously unknown) in an app used to monitor animal health, USA Herds. Developed by Pennsylvania, it is used by 18 US states in total, hence Mandiant’s cautious “at least”.
The hackers also went through the Log4J flaw to reach two of the affected states. Log4J is a popular open source software library. Mandiant had unveiled the flaw in December, warning of the risk it represented. According to the company, within hours of its being revealed, APT41 seized on it for their operations.
APT41’s talent for adaptation and its ability to discover and exploit vulnerabilities overlooked by specialists demonstrate, according to Mandiant’s report, that “APT41 can quickly adapt its initial access techniques by re-compromising an environment through a different vector, or quickly operationalizing a new vulnerability”.
The cybersecurity firm remains cautious about the hackers’ goals. It notes, however, that they exfiltrated personal information, which points to a spying operation. That possibility is consistent with the group’s past activities, which oscillate between cybercriminal operations and espionage.
APT41 is already well known to US authorities, as it is on the FBI Cyber Threat List. Finance, healthcare, real estate, video games, technology companies, social networks, universities, the defense industry… “We found them everywhere, and it’s disconcerting,” said Geoff Ackerman, principal threat analyst at Mandiant, to the Wall Street Journal.
Extremely prolific, APT41 was indicted by the US Department of Justice in 2020. Five Chinese citizens, believed to be members of the group, were charged with hacking more than a hundred companies in the United States and around the world.
Beijing accused of pulling the strings
The attorneys general in charge of the investigation did not directly accuse Beijing of directing APT41, but a body of evidence leaves a persistent doubt. For the group, the lure of profit seems secondary to espionage. Its focus on pro-democracy politicians and activists in Hong Kong tends to follow China’s concerns closely.
One of the hackers identified as a member of APT41 reportedly even boasted of being affiliated with the Chinese Ministry of State Security. Asked about these suspicions by the Wall Street Journal, the Chinese Embassy in Washington dismissed them as “groundless accusations”.
Unconvincing denials for the US intelligence community. On March 8, the day Mandiant’s report was released, it presented its annual threat assessment to Congress. It states: “We believe that China poses the largest, most active, and persistent cyber espionage threat to U.S. government and private sector networks.”