China state-backed hackers compromised networks of at least 6 U.S. state governments, research finds

A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments between May 2021 and February this year, according to research published by cybersecurity firm Mandiant on Tuesday.

The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Mandiant said.

APT41, which Mandiant claims carries out state-sponsored espionage on behalf of Beijing, took advantage of software flaws and quickly exploited security vulnerabilities that were made public by researchers. The hackers also adapted their tools to attack via different methods, it said.

“APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques,” the researchers said.

“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability.”

Mandiant, the company behind Tuesday’s research, is a Nasdaq-listed cybersecurity firm based in the U.S. On Tuesday, Google said that it plans to acquire the company for around $5.4 billion.

Other researchers, including those from BlackBerry, have previously identified APT41 as “a prolific Chinese state-sponsored cyberthreat group.” This is based on research the company published last year that builds on other reports on APT41 and uncovers other cyberattacks the group has carried out.

China’s embassy in the U.K. was not immediately available for comment when contacted by CNBC. China has repeatedly denied that it engages in cyberespionage.

In September 2020, the U.S. Department of Justice indicted five Chinese nationals, including some it said were part of APT41, with computer intrusions affecting over 100 victim companies in the U.S. and abroad.

Mandiant said Tuesday that APT41 appeared to be “undeterred” by the indictment and its goals remain “unknown.”

“Overall goals of APT41’s campaign remain unknown. Their persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, show that whatever they are after it is important. We have found them everywhere, and that is unnerving,” the researchers said.

Last month, FBI Director Christopher Wray accused the Chinese government of “trying to steal” information and technology and launching cyberattacks.

Last year, the U.S., European Union, NATO and other allies blamed China for the massive cyberattack on Microsoft Exchange email servers.

Zhao Lijin, a spokesperson for China’s foreign ministry, denied that China was behind the Microsoft Exchange attack.

“China firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks,” Zhao said in July.