Cybersecurity firm says Chinese hackers breached six US state agencies

Mar 8, 2022, 10:32 AM | Updated: Jun 8, 2022, 3:18 pm
View of the office building of the Ministry of Public Security of the People's Republic of China (MSS) in Beijing, China, 16 August 2008.

(CNN) — A Chinese government-backed hacking group has breached local government agencies in at least six US states in the last 10 months as part of a persistent information-gathering operation, investigators at cybersecurity firm Mandiant said Tuesday.

The wide range of state agencies targeted includes “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said in a separate, private advisory to state governments obtained by CNN.

For agencies in two states, the hackers broke into networks using a critical software flaw that was revealed in December just as the Biden administration was scrambling to respond to the flaw’s discovery, according to Mandiant.

The revelation shows how difficult it can be to keep state-backed hackers from accessing US networks — even when US officials are sounding the alarm about a potential threat. And it’s a reminder that as many analysts are watching for Russian cyber threats during the Ukraine war, other foreign governments aren’t letting up in targeting US networks.

The hackers’ motives aren’t clear, but their victims are “consistent with an espionage operation,” the firm said. The list of state agencies affected by the hacking could grow as the investigation continues.

CISA on December 10 publicly warned that Log4j — software used by big tech firms around the world — had a vulnerability that hackers could easily exploit to gain further access to computer systems.

Hundreds of millions of computers around the world ran the vulnerable software, US officials later estimated. For weeks, US officials urged companies to update their software; the White House hosted a meeting in January with tech executives to try to address the root problem of software that is not secure by design.

Within hours of the CISA advisory, the Chinese hackers had begun using the Log4j flaw to break into the two US state agencies, according to Mandiant. Agencies in four other states were hacked via other means.

In one state, Mandiant said, the hackers accessed personal data on some Americans, including names, email addresses and mobile phone numbers. Mandiant declined to name the US states or agencies affected.

While the hackers’ ultimate objectives are unclear, state agencies could provide a wealth of useful information to foreign spies, whether data related to elections or government contracting.

“This campaign is likely still going on. [The hackers] probably haven’t completed their mission,” said Rufus Brown, senior threat analyst at Mandiant’s Advanced Practices team.

The hackers have used multiple methods to access the state agency networks, and in some cases have returned to the same compromised network after Mandiant specialists contained the activity.

CNN has asked CISA to comment.

Mandiant blamed the hacking campaign on a group that the Justice Department has linked with China’s civilian intelligence agency. That hacking group, according to a US indictment unsealed in September 2020, has been linked to attempts to breach hundreds of organizations around the world, from hardware makers to pro-democracy politicians in Hong Kong.

“We firmly oppose and combat cyberattacks of any kind,” Chinese Embassy in Washington spokesperson Liu Pengyu said in an email. “We oppose making groundless accusations against China on cyber security and other related issues.”

While Russian spying operations, such as the so-called SolarWinds hacking campaign, have gained considerable attention, analysts say Chinese hacking continues to pose a challenge to the Biden administration’s efforts to defend government networks. Suspected Chinese hackers compromised at least five US defense and technology firms in an apparent espionage effort, CNN reported in December.
