Mysterious hacking group APT6 has been hacking U.S. government websites for years

“A group of malicious cyber actors” has had access to U.S. government files for years, says FBI

According to an FBI alert obtained by Motherboard, a hacking group that security experts believe to be the state-sponsored group known as APT6 has had access to U.S. government files for years, and may still be able to siphon data from government computer networks.

Their activity, which went unnoticed for years, apparently dates back to 2011 and may be linked to attacks on the U.S. government’s computer infrastructure that began in 2008.

According to Motherboard, the alert, which is also available online, shows that foreign government hackers are still successfully breaking into and stealing data from U.S. government servers. Since 2011, the FBI says, the actors behind the group known as APT6 (Advanced Persistent Threat 6) “have compromised and stolen sensitive information from various government and commercial networks.”

The FBI declined to comment on the alert beyond describing it as a routine notice to private partners, “provided in order to help systems administrators guard against the actions of persistent cyber criminals.”

This group of “persistent cyber criminals” is especially persistent. According to sources within the antivirus and threat intelligence industry, the group is none other than APT6. Older reports indicate that APT6 is a codename for a group believed to be working for the Chinese government.

Kurt Baumgartner, a researcher at Russian security firm Kaspersky Lab, told Motherboard that APT6 is “one of the earlier APTs. They definitely go back further than 2011 or whatever—more like 2008 I believe.” While he would not say whether APT6 is linked to the Chinese government, as some suspect, he said that its targets align with the interests of a state-sponsored attacker.

Kyrk Storer, a spokesperson for FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.”

According to FireEye, APT6 is “likely a nation-state sponsored group based in China” that “has been dormant for the past several years.”

The alert includes an extensive list of domains used by the group as command and control servers and in phishing attacks. According to the alert, the domains controlled by the hackers were “suspended” as of late December 2015, but it is unclear whether the threat has been removed: suspending a domain only cuts off that piece of infrastructure, it does not remove implants already running on compromised hosts. Some security experts believe the attackers could still move freely inside U.S. government networks.
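The domain list is the actionable part of an alert like this: what an administrator does with it is sweep DNS and proxy logs for lookups of the listed names. The following is an added example, not the alert’s contents and not code from the article, the FBI or FireEye. The indicator domains and the log lines are constructed placeholders, since the real list is not reproduced on this page, and the log format is a simplified, BIND-like query line with the response code appended for the example. It suffix-matches on label boundaries (so a look-alike name does not false-positive) and deliberately keeps NXDOMAIN lookups, because a host still trying to resolve a suspended C2 domain is exactly the implanted host you are looking for.

```python
"""
Added example (not from the FBI alert or the Motherboard/Techworm article):
sweep DNS query logs for lookups of domains listed as indicators in an alert
of this kind. The alert's real domain list is not reproduced on the page, so
IOC_DOMAINS below are constructed placeholders, and the log lines are
constructed too. The point it demonstrates: a domain that has been suspended
still gets looked up by hosts that are already implanted, so NXDOMAIN answers
for listed names are a signal, not noise.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder indicators (the real alert lists the actual domains).
IOC_DOMAINS = [
    "c2-example-one.invalid",
    "login-update.example.net",
    "Mail.Example-Phish.ORG.",   # deliberately mixed case with a trailing dot
]

# Constructed, simplified BIND-style query log lines with the rcode appended:
# "<timestamp> client <ip>#<port>: query: <qname> IN <qtype> ... <rcode>"
SAMPLE_LOG = """\
2015-12-29T08:14:02 client 10.20.4.17#51234: query: c2-example-one.invalid IN A -ED (10.0.0.53) NXDOMAIN
2015-12-29T08:14:09 client 10.20.4.17#51240: query: www.example.com IN A -ED (10.0.0.53) NOERROR
2015-12-29T08:15:31 client 10.20.7.101#40012: query: cdn.login-update.example.net IN A -ED (10.0.0.53) NOERROR
2015-12-29T08:16:44 client 10.20.9.9#33001: query: mail.example-phish.org IN MX -ED (10.0.0.53) NXDOMAIN
2015-12-29T08:17:00 client 10.20.9.9#33002: query: notlogin-update.example.net IN A -ED (10.0.0.53) NOERROR
garbage line that does not parse
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+) "
    r".*?(?P<rcode>NOERROR|NXDOMAIN|SERVFAIL|REFUSED)$"
)


def normalize(domain: str) -> str:
    """Lowercase and drop the trailing dot so 'Foo.Example.' == 'foo.example'."""
    return domain.strip().lower().rstrip(".")


def match_indicator(qname: str, indicators: set[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    Suffix matching walks label boundaries, so 'notlogin-update.example.net'
    does NOT match 'login-update.example.net' while 'cdn.login-update.example.net' does.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    indicator: str
    rcode: str


def sweep(log_text: str, indicator_list: list[str]) -> list[Hit]:
    """Parse each log line and record every lookup that matches an indicator."""
    indicators = {normalize(d) for d in indicator_list}
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not fatal
        ind = match_indicator(m["qname"], indicators)
        if ind:
            hits.append(Hit(m["ts"], m["client"], normalize(m["qname"]), ind, m["rcode"]))
    return hits


def suspected_implants(hits: list[Hit]) -> set[str]:
    """Clients that resolved a listed name. NXDOMAIN hits are kept on purpose:
    the domain is gone but the implant on that host is still beaconing."""
    return {h.client for h in hits}


if __name__ == "__main__":
    found = sweep(SAMPLE_LOG, IOC_DOMAINS)
    for h in found:
        print(f"{h.timestamp} {h.client} -> {h.qname} (matches {h.indicator}, {h.rcode})")
    print("hosts to investigate:", sorted(suspected_implants(found)))
```

Run against real exports, the same sweep should be pointed at historical logs going back as far as retention allows, not just at traffic after the alert date: the suspension of the domains says nothing about when the lookups started.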

“Looks like they were in for years before they were caught, God knows where they are,” information security expert Michael Adams told Motherboard. Adams, who reviewed the alert, served more than two decades in the U.S. Special Operations Command. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.”

Adams added that the alert is close to an admission that the government has no control over its own computer networks.

“It’s just flabbergasting,” he said. “How many times can this keep happening before we finally realized we’re screwed?”

Source: Motherboard

Kavita Iyer, https://www.techworm.net