A group of hackers with links to the Chinese government compromised the computer networks of six U.S. state governments as part of a campaign that included the exploitation of internet-facing web applications and the use of the Log4j vulnerability, The Wall Street Journal reported Wednesday.
Cybersecurity firm Mandiant conducted investigations into the activity of the hacking group, called Advanced Persistent Threat 41, and found that the threat actors gained access to the computer systems of the state governments as part of the campaign that started in May 2021.
In February, two of the previously identified state governments were compromised again by the APT 41 group, according to researchers at Mandiant. They also found evidence of personally identifiable information being exfiltrated by the group.
“APT 41 continues to pose a significant threat to public and private organizations alike around the world,” said Geoff Ackerman, principal threat analyst at Mandiant. “We have found them everywhere, and that is unnerving.”
In December, the Cybersecurity and Infrastructure Security Agency urged federal civilian agencies to immediately patch the Log4j vulnerability.
The Department of Justice indicted five Chinese citizens in 2020 for the alleged compromise of more than 100 companies in the U.S. and abroad. Federal prosecutors said those alleged threat actors were part of the APT 41 group and were linked to China’s state security ministry.