A foreign government hacking group known as APT6 has been hacking into US Government sites and departments and stealing sensitive information from government and commercial networks. In all probability, this has been happening since 2011.
Extent of Hacking Operation
In a rather scary online alert, the FBI describes the extent of the operation.
The FBI has obtained and validated information regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks. This group utilized the domains listed herein in furtherance of computer network exploitation (CNE) activities in the United States and abroad since at least 2011. Research and analysis indicate that these domains were associated with the command and control (C2) of customized malicious software. Furthermore, these domains have also been used to host malicious files – often through embedded links in spear phish emails. Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement.
Just last year, there was a news item about how Chinese hackers were behind the theft of millions of personnel records.
The top U.S. intelligence official signaled Thursday that Chinese hackers were behind the theft of millions of personnel records from the federal government, marking the administration’s most pointed assignment of blame since the breach was announced June 4.
Is the Chinese Government behind the Attack?
The persistent attackers operating in this latest breach are known as APT6, which stands for Advanced Persistent Threat 6. It is believed that this group is working under the instructions of the Chinese Government.
Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.”
APT6 is “likely a nation-state sponsored group based in China,” according to FireEye, which “has been dormant for the past several years.”
One thing, however, is fairly clear: the highly sensitive sites, installations and information in the US, the UK and the rest of the Western world are extremely susceptible to cyber attacks and theft. Unless government sites and installations beef up their security and law enforcement becomes swift and strong, the future could be in jeopardy!
Featured Image Source: Art Station