"A group of malicious cyber actors" has had access to U.S. government files for years, says FBI
According to an FBI alert obtained by Motherboard, a mysterious hacking group, which security experts believe to be the government-sponsored hacking group known as APT6, has had access to U.S. government files for years. The hackers may still be able to siphon data from government computer networks.
Their activities, which went unnoticed for years, apparently date back to 2011, and may be linked to attacks on the U.S. government's computer infrastructure originating in 2008.
According to Motherboard, the alert, which is also available online, shows that foreign government hackers are still successfully breaking into and stealing data from U.S. government servers. The APT6 group, also known as Advanced Persistent Threat 6, "have compromised and stolen sensitive information from various government and commercial networks" since 2011, the FBI says.
The FBI did not comment on the alert beyond saying that it was just another instance of a routine notice to private partners, "provided in order to help systems administrators guard against the actions of persistent cyber criminals."
This group of "persistent cyber criminals" is especially persistent. According to sources within the antivirus and threat intelligence industry, the group is none other than the "APT6" hacking group. Older reports indicate that APT6 is a codename given to a group believed to be working for the Chinese government.
Russian security firm Kaspersky Lab told Motherboard that APT6 is "one of the earlier APTs. They definitely go back further than 2011 or whatever, more like 2008 I believe," researcher Kurt Baumgartner said. While he did not say whether APT6 is linked to the Chinese government, a link some people question, he said that its targets align with the interests of a state-sponsored attacker.
Kyrk Storer, a spokesperson for FireEye, confirmed that the domains listed in the alert "were associated with APT6 and one of their malware backdoors," and that the hackers "targeted the US and UK defense industrial base."
APT6 is "likely a nation-state sponsored group based in China," according to FireEye, and "has been dormant for the past several years."
The FBI published in the alert an extensive list of websites that served as command and control servers and launched phishing attacks. While the domains controlled by the hackers were "suspended" as of late December 2015, according to the alert, it is unclear whether the threat has been removed. Some security experts believe that the hackers would still be able to move freely inside U.S. government computers.
"Looks like they were in for years before they were caught, God knows where they are," information security expert Michael Adams told Motherboard. Adams, who reviewed the alert, served more than two decades in the US Special Operations Command. "Anybody who's been in that network all this long, they could be anywhere and everywhere."
Adams added that the alert is almost an admission that the government has no control over its own computer network.
"It's just flabbergasting," he said. "How many times can this keep happening before we finally realize we're screwed?"
Source: Motherboard