Cybersecurity firm says Chinese hackers breached six US state agencies

Mar 8, 2022, 10:32 AM | Updated: Jun 8, 2022, 3:18 pm

View of the office building of the Ministry of Public Security of the People's Republic of China (MSS) in Beijing, China, 16 August 2008.

(CNN) — A Chinese government-backed hacking group has breached local government agencies in at least six US states in the last 10 months as part of a persistent information-gathering operation, investigators at cybersecurity firm Mandiant said Tuesday.

The wide range of state agencies targeted includes “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said in a separate, private advisory to state governments obtained by CNN.

For agencies in two states, the hackers broke into networks using a critical software flaw that was revealed in December just as the Biden administration was scrambling to respond to the flaw’s discovery, according to Mandiant.

The revelation shows how difficult it can be to keep state-backed hackers from accessing US networks — even when US officials are sounding the alarm about a potential threat. And it’s a reminder that as many analysts are watching for Russian cyber threats during the Ukraine war, other foreign governments aren’t letting up in targeting US networks.

The hackers’ motives aren’t clear, but their victims are “consistent with an espionage operation,” the firm said. The list of state agencies affected by the hacking could grow as the investigation continues.

CISA on December 10 publicly warned that Log4J — software used by big tech firms around the world — had a vulnerability that hackers could easily exploit to gain further access to computer systems.

Hundreds of millions of computers around the world ran the vulnerable software, US officials later estimated. For weeks, US officials urged companies to update their software; the White House hosted a meeting in January with tech executives to try to address the root problem of software that is not secure by design.

Within hours of the CISA advisory, the Chinese hackers had begun using the Log4J flaw to break into the two US state agencies, according to Mandiant. Agencies in four other states were hacked via other means.

In one state, Mandiant said, the hackers accessed personal data on some Americans, including names, email addresses and mobile phone numbers. Mandiant declined to name the US states or agencies affected.

While the hackers’ ultimate objectives are unclear, state agencies could provide a wealth of useful information to foreign spies, whether data related to elections or government contracting.

“This campaign is likely still going on. [The hackers] probably haven’t completed their mission,” said Rufus Brown, senior threat analyst at Mandiant’s Advanced Practices team.

The hackers have used multiple methods to access the state agency networks, and in some cases have returned to the same compromised network after Mandiant specialists contained the activity.

CNN has asked CISA to comment.

Mandiant blamed the hacking campaign on a group that the Justice Department has linked with China’s civilian intelligence agency. That hacking group, according to a US indictment unsealed in September 2020, has been linked to attempts to breach hundreds of organizations around the world, from hardware makers to pro-democracy politicians in Hong Kong.

“We firmly oppose and combat cyberattacks of any kind,” Chinese Embassy in Washington spokesperson Liu Pengyu said in an email. “We oppose making groundless accusations against China on cyber security and other related issues.”

While Russian spying operations, such as the so-called SolarWinds hacking campaign, have gained considerable attention, analysts say Chinese hacking continues to pose a challenge to the Biden administration’s efforts to defend government networks. Suspected Chinese hackers compromised at least five US defense and technology firms in an apparent espionage effort, CNN reported in December.
