More than six state governments in the United States have been hit by cyberattacks from a group of hackers funded by the Chinese government, according to a report from cybersecurity firm Mandiant.
The attacks occurred between May 2021 and February 2022, and Mandiant’s research depicts a challenging adversary that adapts every day to new threats.
“Evidence that suggests an espionage operation” was found by Mandiant in the incidents where networks were infiltrated, but the company said it could not say for sure what the goal was at this time because of the complexity of the case.
“The creation of significant new capabilities, ranging from new attack vectors to post-compromise tools and methodologies,” the report said of the Chinese group APT41’s recent offensive cyber activity targeting state governments in the United States.
APT41 can re-infiltrate an environment via a different vector, or swiftly operationalize a new vulnerability, in order to quickly alter its initial access techniques. Rather than holding its capabilities in reserve, the group is actively seeking new ways to use them.
A major new capability that APT41 has developed in recent efforts against US state governments is said to be part of that work.
Mandiant has previously uncovered malicious campaigns, including major cyberattacks such as the well-known SolarWinds breach.
The SolarWinds breach was carried out by hackers acknowledged as being supported by the Russian government and targeted significant US federal agencies. Google’s acquisition of Mandiant for a total of $5.4bn was announced at the same time as the publication of the report.