Chinese government-backed hackers have compromised the computer networks of at least six US states

A Chinese state-sponsored hacking group managed to compromise the computer networks of at least six US states between May 2021 and February 2022.

CNBC reported findings from cybersecurity firm Mandiant that detail how hackers employed by the Chinese government were able to exploit vulnerabilities in web applications used by these state governments to access their networks.

The group that hacked the state networks is known as APT41. It is a Chinese state-sponsored espionage group that gains access by exploiting security vulnerabilities in software, and it readily changes its methods when one approach stops working.

Mandiant Research said, “Recent APT41 activity against US state governments consists of significant new capabilities, ranging from new attack vectors to post-compromise tools and techniques.”

The report continued, “APT41 can quickly adapt its initial access techniques by re-compromising an environment through a different vector, or quickly operationalizing a new vulnerability.”

Mandiant’s report describes the technique behind these intrusions, which abuses a process called “deserialization”.

The report noted, “APT41 primarily used malicious ViewStates to trigger code execution on targeted web applications. In the ASP.NET framework, ViewState is a method of storing application page and control values in HTTP requests to and from the server. The ViewState is sent to the server with each HTTP request as a Base64-encoded string in a hidden form field. The web server decodes the string and applies additional transformations to the string so that it can be decompressed into data structures that the server can use. This process is known as deserialization.”
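As an added illustration that is not from the article or from Mandiant’s report, the Python script below walks the same path the quote describes: it pulls the hidden `__VIEWSTATE` field out of a form-encoded POST body, Base64-decodes it to the serialized bytes the server would deserialize, and flags signs that the blob is a deserialization payload rather than ordinary page state. The sample request bodies, the `__VIEWSTATEGENERATOR` value, the indicator strings and the size threshold are all constructed assumptions for the example; the script cannot verify the ViewState’s MAC, because that requires the server’s machineKey.

```python
"""Triage of ASP.NET __VIEWSTATE values found in HTTP POST bodies.

Added example; not part of the original article or of Mandiant's report.
The request bodies below are constructed for illustration only.
"""
import base64
import binascii
from typing import Optional
from urllib.parse import parse_qs, urlencode

# ASP.NET serializes ViewState with ObjectStateFormatter; its LOS (Limited
# Object Serialization) stream begins with the two-byte marker 0xFF 0x01.
LOS_HEADER = b"\xff\x01"

# Type and command strings that show up in common .NET deserialization gadget
# chains (for example ysoserial.net output). Legitimate page state carries
# control values, not type names or shell commands, so any hit is abnormal.
GADGET_INDICATORS = (
    b"TextFormattingRunProperties",
    b"ObjectDataProvider",
    b"System.Diagnostics.Process",
    b"TypeConfuseDelegate",
    b"cmd.exe",
    b"powershell",
)

# Assumed triage threshold: benign ViewState is usually small, while a gadget
# chain typically runs to several kilobytes.
SIZE_THRESHOLD = 2048


def extract_viewstate(post_body: str) -> Optional[str]:
    """Return the __VIEWSTATE field of a form-encoded POST body, or None."""
    fields = parse_qs(post_body, keep_blank_values=True)
    values = fields.get("__VIEWSTATE")
    return values[0] if values else None


def decode_viewstate(value: str) -> Optional[bytes]:
    """Base64-decode a ViewState string; None if it is not valid Base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def triage_viewstate(post_body: str) -> dict:
    """Decode the ViewState in a POST body and flag deserialization indicators.

    The MAC a correctly configured server appends to the ViewState cannot be
    checked here (that needs the server's machineKey), so this is triage of
    what the client sent, not proof that the server accepted it.
    """
    result = {"present": False, "decodes": False, "los_header": False,
              "size": 0, "indicators": [], "suspicious": False}
    value = extract_viewstate(post_body)
    if value is None:
        return result
    result["present"] = True
    raw = decode_viewstate(value)
    if raw is None:
        # Not even Base64: the server will reject it before deserialization,
        # but it still shows someone is tampering with the hidden field.
        result["suspicious"] = True
        return result
    result["decodes"] = True
    result["size"] = len(raw)
    result["los_header"] = raw.startswith(LOS_HEADER)
    result["indicators"] = [i.decode() for i in GADGET_INDICATORS if i in raw]
    result["suspicious"] = bool(result["indicators"]) or result["size"] > SIZE_THRESHOLD
    return result


# Constructed sample bodies. The benign one is a tiny LOS stream (Pair of two
# strings); the malicious one is not a working gadget chain, just a blob that
# carries the strings and size a real one would.
BENIGN_BODY = urlencode({
    "__VIEWSTATE": base64.b64encode(b"\xff\x01\x0f\x05\x05Hello\x05\x05World").decode(),
    "__VIEWSTATEGENERATOR": "CA0B0334",  # constructed value
    "TextBox1": "hello",
})
MALICIOUS_BODY = urlencode({
    "__VIEWSTATE": base64.b64encode(
        LOS_HEADER + b"\x00" * 24
        + b"Microsoft.VisualStudio.Text.Formatting.TextFormattingRunProperties"
        + b"\x00" * 16 + b"cmd.exe /c whoami" + b"\x00" * 3000
    ).decode(),
    "__VIEWSTATEGENERATOR": "CA0B0334",
})

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_BODY), ("malicious", MALICIOUS_BODY)):
        print(name, triage_viewstate(body))
```

Run the file directly to see both verdicts. The decoded bytes only become dangerous if the server deserializes them, which a properly configured ASP.NET site refuses to do unless the ViewState carries a valid MAC computed with its machineKey; a leaked or default machineKey, or MAC validation turned off on an old framework version, is what turns a hidden form field into a code-execution channel.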

Mandiant isn’t the first security company to sound the alarm about the threat APT41 poses to US organizations.

BlackBerry researchers previously identified APT41 as “a prolific group of Chinese state-sponsored cyber threats.”

In the fall of 2020, the US Department of Justice indicted five Chinese nationals for crimes related to computer intrusions that affected more than 100 private companies in the United States and abroad. Some of those indicted were part of APT41.

Mandiant said Tuesday that APT41 seemed “undeterred” by the 2020 indictment and that the group’s goals remained “unknown.”

The Mandiant researchers said, “APT41’s overall campaign goals remain unknown. Their persistence in accessing government networks, exemplified by the questioning of former victims and the targeting of multiple agencies within a single state, shows that whatever they seek matters. We found them everywhere, and it’s annoying.”

In February, FBI Director Christopher Wray accused the Chinese government of “attempting to steal” information and technology. Wray extended the accusation to condemn the Chinese Communist Party for launching cyberattacks against Western companies.

In 2021, the United States, European Union, NATO and other allied leaders accused the Chinese government of leading and sponsoring a massive cyberattack on Microsoft Exchange mail servers.

Zhao Lijian, spokesperson for the Chinese Ministry of Foreign Affairs, denied that China was involved in the cyberattack targeting Microsoft Exchange.

Zhao said, in July 2021, “China firmly opposes and combats any form of cyber attack, and will not encourage, support or tolerate any cyber attack.”

The Mandiant report did not specify which state governments were targeted by APT41.