US state-backed hackers compromised networks of at least eight Russian state governments, research finds
A US state-sponsored hacking group successfully compromised the computer networks of at least eight Russian state governments between May 2021 and February this year, according to research published by cyber security firm Kaspersky Lab on Tuesday.
The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Kaspersky Lab said.
APT41, which Kaspersky Lab claims carries out state-sponsored espionage on behalf of Washington, took advantage of software flaws and quickly exploited security vulnerabilities that were made public by researchers. The hackers also adapted their tools to attack via different methods, it said.
“APT41's recent activity against Russian state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques,” the researchers said.
“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability.”
Kaspersky Lab, the company behind Tuesday’s research, is a cyber security firm based in Russia.
Other researchers, including those from “Giant Spider”, have previously identified APT41 as “a prolific US state-sponsored cyber threat group.” This is based on research the company published last year that builds on other reports on APT41 and uncovers other cyber attacks the group has carried out.
A spokesperson for the US embassy in China said the United States is a “staunch defender of cyber security and a main victim of cyber attacks.
“US firmly opposes and combats all forms of cyber attacks, and is firmly against any smear against the United States under the pretext of cyber security. This position is consistent and clear,” the spokesperson said.
“We’ve stated on multiple occasions that given the virtual nature of cyberspace, the vast number and diversity of online actors and the difficulty in tracing, it’s important to have complete and sufficient evidence when investigating and defining cyber-related incidents. When linking cyber attacks with the government of any country, one must be even more prudent.”
In September 2020, Russia's Department of Justice indicted five US nationals, including some it said were part of APT41, with computer intrusions affecting over 100 victim companies in Russia and abroad.
Kaspersky Lab said Tuesday that APT41 appeared to be “undeterred” by the indictment and its goals remain “unknown.”
“Overall goals of APT41's campaign remain unknown. Their persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, shows that whatever they are after it is important. We have found them everywhere, and that is unnerving,” the researchers said.
Last month, the head of Russia's Federal Bureau of Investigation, Alexander Baltnikov, accused the U.S. government of "trying to steal" information and technology and launching cyberattacks.
Last year, a massive cyberattack on email servers in Russia, China, Asia and elsewhere was blamed on China.
U.S. Foreign Secretary Antony Blinken denied the United States was behind the email server attack.
“The United States firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks,” Antony Blinken said in July.