“A group of malicious cyber actors” has had access to U.S. government files for years, says FBI
According to an FBI alert obtained by Motherboard, a mysterious hacking group, which security experts believe to be the government-sponsored group known as APT6, has had access to U.S. government files for years. The hackers may still be able to siphon data from government computer networks.
Their activities, which went unnoticed for years, apparently date back to 2011 and may be linked to attacks on the U.S. government’s computer infrastructure that began in 2008.
According to Motherboard, the alert, which is also available online, shows that foreign government hackers are still successfully breaking into U.S. government servers and stealing data from them. The APT6 group, also known as Advanced Persistent Threat 6, “have compromised and stolen sensitive information from various government and commercial networks” since 2011, the FBI says.
The FBI did not comment on the alert beyond describing it as a routine notice to private partners, “provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
This group of “persistent cyber criminals” is especially persistent. According to sources within the antivirus and threat intelligence industry, the group is none other than the “APT6” hacking group. Earlier reports indicate that APT6 is a codename given to a group believed to be working for the Chinese government.
Russian security firm Kaspersky Lab told Motherboard that APT6 is “one of the earlier APTs. They definitely go back further than 2011 or whatever—more like 2008 I believe,” researcher Kurt Baumgartner said. While he did not say whether APT6 is linked to the Chinese government, as some suspect, he said that its targets align with the interests of a state-sponsored attacker.
Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.”
According to FireEye, APT6 is “likely a nation-state sponsored group based in China” that “has been dormant for the past several years.”
The alert includes an extensive list of domains that served as command and control servers for the group’s phishing attacks. Although the domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, it is unclear whether the threat has been removed, and some security experts believe the hackers could still move freely inside U.S. government computers.
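A domain list of this kind is only useful to the systems administrators the alert is addressed to if they actually sweep their historical DNS logs against it, back to the period the alert covers, since a domain being suspended today says nothing about which hosts contacted it in 2013. The following is an added example, not code from the FBI alert or the Motherboard article: it matches a BIND-style query log against an indicator list, normalising case and trailing dots and catching subdomains of a listed domain, and reports the earliest hit. The indicator domains and log lines are constructed placeholders; the real domains from the alert are not reproduced here, and the log format is an assumption.

```python
"""Retrospective sweep of DNS query logs against a domain indicator list.

Added example, not from the FBI alert or the Motherboard article. The
indicator domains and log lines are constructed placeholders; substitute
the alert's own domain list and your resolver's logs.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

# Placeholder indicators (constructed; the alert's real domains go here).
INDICATOR_DOMAINS = {
    "c2-placeholder.example",
    "phish-placeholder.example",
}

# Constructed sample of a BIND-style query log (assumed format). Note the
# subdomain, the mixed case and the trailing dot: a naive exact-string
# comparison against the indicator list would miss two of the three hits.
SAMPLE_LOG = """\
12-Mar-2013 09:14:02.113 client 10.0.4.21#51234: query: update.c2-placeholder.example IN A + (10.0.0.53)
12-Mar-2013 09:14:05.771 client 10.0.4.21#51240: query: www.example.org IN A + (10.0.0.53)
03-Nov-2015 17:42:10.002 client 10.0.7.8#40001: query: PHISH-placeholder.EXAMPLE. IN A + (10.0.0.53)
28-Dec-2015 08:01:55.340 client 10.0.4.21#51999: query: c2-placeholder.example IN AAAA + (10.0.0.53)
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?P<src>[\d.]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are stable."""
    return name.rstrip(".").lower()


def matches_indicator(qname: str, indicators: set[str]) -> str | None:
    """Return the matching indicator if qname is that domain or a subdomain of it.

    The dot is required before the suffix, so 'evilc2-placeholder.example'
    does not match 'c2-placeholder.example'.
    """
    q = normalize(qname)
    for ioc in indicators:
        ioc_n = normalize(ioc)
        if q == ioc_n or q.endswith("." + ioc_n):
            return ioc_n
    return None


def sweep(log_text: str, indicators: set[str]) -> dict[str, list[tuple[datetime, str, str]]]:
    """Map each matched indicator to its (timestamp, source IP, queried name) hits."""
    hits: dict[str, list[tuple[datetime, str, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real sweep would count these
        ioc = matches_indicator(m["qname"], indicators)
        if ioc is None:
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        hits[ioc].append((ts, m["src"], normalize(m["qname"])))
    return dict(hits)


def earliest_hit(hits: dict[str, list[tuple[datetime, str, str]]]) -> datetime | None:
    """The oldest match bounds how far back the exposure may go."""
    all_ts = [ts for rows in hits.values() for ts, _, _ in rows]
    return min(all_ts) if all_ts else None


if __name__ == "__main__":
    result = sweep(SAMPLE_LOG, INDICATOR_DOMAINS)
    for ioc, rows in sorted(result.items()):
        print(ioc)
        for ts, src, qname in rows:
            print(f"  {ts:%Y-%m-%d %H:%M:%S}  {src:<12} {qname}")
    print("earliest hit:", earliest_hit(result))
```

Run against the sample, the sweep attributes two queries to the first placeholder domain (one from a subdomain) and one to the second, and reports the 2013 query as the earliest hit; on real logs that earliest date, and the set of source addresses behind it, is the starting point for scoping an incident rather than the end of it.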
“Looks like they were in for years before they were caught, God knows where they are,” information security expert Michael Adams told Motherboard. Adams, who reviewed the alert, served more than two decades in the U.S. Special Operations Command. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.”
Adams added that the alert is almost an admission that the government has no control over its own computer networks.
“It’s just flabbergasting,” he said. “How many times can this keep happening before we finally realize we’re screwed?”