Cybersecurity firm Mandiant released a report detailing their discovery that the Chinese government had compromised at least six state government computer systems.
APT41, the group suspected to be behind the attacks, has five members listed among the FBI's most wanted for cyber threats. According to NBC, the hackers were working in tandem with the Chinese government, and Mandiant generally characterizes APT41 as contractors who offer their services to the Chinese government for espionage.
Mandiant’s report does not outline which states were targeted, nor does it delve into possible motives or consequences.
Geoff Ackerman, a threat analyst for Mandiant, says that APT41 continues to exploit U.S. systems while attention is focused on the Russia-Ukraine situation. "While the ongoing crisis in Ukraine has rightfully captured the world's attention and the potential for Russian cyber threats are real, we must remember that other major threat actors around the world are continuing their operations as usual," warned Ackerman.
APT41's methods were sophisticated; Mandiant found the group exploited a vulnerability in a U.S. livestock health system. USAHERDS traces and tracks diseases in animals and is used in at least 18 states, the Verge wrote. In short, a "coding oversight" allowed the hackers to run their own code on any system running the USAHERDS application. That access potentially let APT41 read and manipulate files within state databases. Another analyst at Mandiant, Rufus Brown, says any of the 18 states could have been affected, although the current estimate is at least six.
APT41 has also been caught planting backdoors in programs that use a widely deployed Java logging library called "log4j". The planted code lets the hackers regain access later, bypassing security controls. Cybersecurity expert Marcus Hutchins stated that since millions of applications use such logging libraries, the impact of these intrusions is not yet clear. However, they serve as a reminder of the still very real threat China poses to U.S. cybersecurity, both in government and in society at large.