According to reports, a government-backed hacking group from China breached local American government agencies. The breaches occurred in at least six US states and have taken place over the past 10 months. They appear to be part of a persistent operation aimed at acquiring crucial information. The findings were made public on Tuesday, March 8, by investigators from the cybersecurity firm Mandiant.
In two of these states, hackers broke into agency networks by exploiting a critical software flaw. The flaw was discovered in December 2021, and the break-ins came at a time when the Biden administration was attempting to address its disclosure. Mandiant specified these details in its report on the breach.
The discovery indicates how tough it can be to keep state-backed hackers out of US networks. The breaches seemingly occurred even though US officials had sounded the alarm about the potential threat. The breach also serves as a reminder that other foreign governments are not letting up in targeting US networks, even as many analysts watch for Russian cyber threats amid the invasion of Ukraine.
The wide range of state agencies targeted includes “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said.
The cybersecurity firm did not reveal the motives of the hackers. However, it specified that the group's victims are “consistent with an espionage operation.” As the investigation expands, the list of state agencies affected by the hacking could grow. On December 10, 2021, CISA publicly issued a warning about Log4J, software that big tech firms use widely. The warning stated that the software had a weakness that hackers could use to gain further access to information. Millions of computers around the world apparently still use this software despite the significant vulnerability.
The Chinese hackers began exploiting the software’s flaw within hours of the CISA advisory. They used Log4J’s flaw to break into the state agencies of the two American states. Mandiant specified that the hackers accessed some personal data on certain US citizens, including their names and contact details.
According to the firm’s study, these hackers have used multiple methods to gain access to the networks of these agencies. In fact, in some cases they eventually came back to the same network with the flaw that had assisted them.