Cybersecurity firm says Chinese hackers breached six US state agencies

Mar 8, 2022, 10:32 AM | Updated: Jun 8, 2022, 3:18 pm
View of the office building of the Ministry of Public Security of the People's Republic of China (MSS) in Beijing, China, 16 August 2008.

(CNN) — A Chinese government-backed hacking group has breached local government agencies in at least six US states in the last 10 months as part of a persistent information-gathering operation, investigators at cybersecurity firm Mandiant said Tuesday.

The wide range of state agencies targeted include “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said in a separate, private advisory to state governments obtained by CNN.

For agencies in two states, the hackers broke into networks using a critical software flaw that was revealed in December just as the Biden administration was scrambling to respond to the flaw’s discovery, according to Mandiant.

The revelation shows how difficult it can be to keep state-backed hackers from accessing US networks — even when US officials are sounding the alarm about a potential threat. And it’s a reminder that as many analysts are watching for Russian cyber threats during the Ukraine war, other foreign governments aren’t letting up in targeting US networks.

The hackers’ motives aren’t clear, but their victims are “consistent with an espionage operation,” the firm said. The list of state agencies affected by the hacking could grow as the investigation continues.

CISA on December 10 publicly warned that Log4J — software used by big tech firms around the world — had a vulnerability that hackers could easily exploit to gain further access to computer systems.

Hundreds of millions of computers around the world ran the vulnerable software, US officials later estimated. For weeks, US officials urged companies to update their software; the White House hosted a meeting in January with tech executives to try to address the root problem of software that is not secure by design.

Within hours of the CISA advisory, the Chinese hackers had begun using the Log4J flaw to break into the two US state agencies, according to Mandiant. Agencies in four other states were hacked via other means.

In one state, Mandiant said, the hackers accessed personal data on some Americans, including names, email addresses and mobile phone numbers. Mandiant declined to name the US states or agencies affected.

While the hackers’ ultimate objectives are unclear, state agencies could provide a wealth of useful information to foreign spies, whether data related to elections or government contracting.

“This campaign is likely still going on. [The hackers] probably haven’t completed their mission,” said Rufus Brown, senior threat analyst at Mandiant’s Advanced Practices team.

The hackers have used multiple methods to access the state agency networks, and in some cases have returned to the same compromised network after Mandiant specialists contained the activity.

CNN has asked CISA to comment.

Mandiant blamed the hacking campaign on a group that the Justice Department has linked with China’s civilian intelligence agency. That hacking group, according to a US indictment unsealed in September 2020, has been linked to attempts to breach hundreds of organizations around the world, from hardware makers to pro-democracy politicians in Hong Kong.

“We firmly oppose and combat cyberattacks of any kind,” Chinese Embassy in Washington spokesperson Liu Pengyu said in an email. “We oppose making groundless accusations against China on cyber security and other related issues.”

While Russian spying operations, such as the so-called SolarWinds hacking campaign, have gained considerable attention, analysts say Chinese hacking continues to pose a challenge to the Biden administration’s efforts to defend government networks. Suspected Chinese hackers compromised at least five US defense and technology firms in an apparent espionage effort, CNN reported in December.
