In the US and Europe, Chinese hackers are reportedly targeting US State Department entities and European entities related to the invasion of Ukraine.
Chinese hackers were reportedly identified hacking into six US State Department facilities in recent weeks.
A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments between May 2021 and February this year, according to research published by cybersecurity firm Mandiant on Tuesday.
APT41, which Mandiant claims carries out state-sponsored espionage on behalf of Beijing, took advantage of software flaws and quickly exploited security vulnerabilities that were made public by researchers. The hackers also adapted their tools to attack via different methods, it said.
“APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques,” the researchers said.
“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability.”
Mandiant, the company behind Tuesday’s research, is a Nasdaq-listed cybersecurity firm based in the U.S. On Tuesday, Google said that it plans to acquire the company for around $5.4 billion.
In Europe, hackers associated with China were also recently identified. According to Forbes, Google identified a group of Chinese hackers in Europe.
Google reported on Monday that a Chinese group called Mustang Panda targeted European entities with lures related to Russia’s invasion of Ukraine. The company’s Threat Analysis Group (TAG) spotted phishing emails with malicious attached files with names such as ‘Situation at the EU borders with Ukraine.zip’.
“Contained within the zip file is an executable of the same name that is a basic downloader and when executed, downloads several additional files that load the final payload. To mitigate harm, TAG alerted relevant authorities of its findings,” Google wrote, adding: “Targeting of European organizations has represented a shift from Mustang Panda’s regularly observed Southeast Asian targets.”
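As an added example (not from Google's report or the original article), here is a mail-gateway style check for the lure structure TAG describes: an archive holding an executable that carries the archive's own name. The extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions a mail gateway treats as directly runnable on Windows.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def same_name_executables(archive_name: str, data: bytes) -> list[str]:
    """Return archive members that are executables named after the archive."""
    archive_stem = PurePosixPath(archive_name).stem.casefold()
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = PurePosixPath(info.filename.replace("\\", "/"))
            name = member.name.casefold()
            is_pe = False
            if not info.flag_bits & 0x1:          # skip encrypted members
                with zf.open(info) as fh:
                    is_pe = fh.read(2) == b"MZ"   # DOS/PE header magic
            runnable = member.suffix.casefold() in EXEC_EXTS or is_pe
            # Prefix match also catches double extensions such as name.pdf.exe.
            named_like_archive = name == archive_stem or name.startswith(archive_stem + ".")
            if runnable and named_like_archive:
                hits.append(info.filename)
    return hits


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory zip; contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


LURE = "Situation at the EU borders with Ukraine"   # file name quoted in the article
FAKE_PE = b"MZ" + b"\x00" * 62                      # constructed stub, not a real binary

if __name__ == "__main__":
    sample = build_sample({LURE + ".exe": FAKE_PE, "readme.txt": b"notes"})
    print(same_name_executables(LURE + ".zip", sample))
```

A hit is a triage signal for quarantine or analyst review, since legitimate installers are occasionally shipped the same way.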
This isn’t the first China hack reported in the US. In April 2021, China reportedly hacked the US government and companies in the US remotely.
This will not be the last time China is caught hacking into US or European systems.