Hackers broke into the computer networks of at least six state governments in the US in the last year, according to a report released Tuesday by cybersecurity firm Mandiant. Mandiant said the hackers were working on behalf of the Chinese government.
According to NBC, the firm did not identify which states were affected or the motive for the hacks which began in May of 2021, but the Chinese group APT41, which is believed to be responsible for the breaches has been known for hacking for financial gain and espionage.
The hackers took advantage of a vulnerability in a commercial web application used by 18 states for animal health management, according to the report. The hackers also exploited LOG4j, a known software flaw, which was discovered in December, and according to US officials could be present on hundreds of millions of devices.
State agencies were a prime target for hackers, especially during the pandemic. Concerns regarding cyberattacks has been renewed during the ongoing invasion of Ukraine by Russia. According to NBC, Russian hackers exploited supply chain vulnerabilities to breach the networks of at least nine US agencies as well as private companies.
The Mandiant report stated, "Through all the new, some things remain unchanged: APT41 continues to be undeterred by the U.S. Department of Justice (DOJ) indictment in September 2020."
According to NBC, APT41 has been implicated in a 2020 Justice Department indictment accusing Chinese hackers of targeting over 100 companies and organizations in the US and overseas, companies ranging from social media to telecommunications providers and everything in between.
The Chinese government dismissed the US accusations of hacking as "groundless" speculation.