China Hacks America Again

Deputy Attorney General Jeffrey Rosen speaks to the media about charges and arrests related to a computer intrusion campaign tied to the Chinese regime by a group called APT41 at the Department of Justice in Washington, on Sept. 16, 2020. (Tasos Katopodis/Pool/Getty Images)
Anders Corr
3/11/2022
Updated: 3/16/2022
News Analysis
China is hacking into state governments in the United States, stealing sensitive data, and propagandizing the world with disinformation that favors Russia’s invasion of Ukraine.
The regime most recently hit at the heart of America, in part, by using an obscure livestock app called USAHERDS. Cowboys everywhere should strap on their chaps, saddle up, and get ready to rumble.
The most recent hacks could have targeted any state government in the United States such as Texas, Nebraska, California, or Alaska. Few know which states were breached, as the American company that discovered the breaches is keeping mum. The company is called Mandiant, which Google will purchase for $5.4 billion, according to a March 9 announcement.
What we do know is that the hackers left digital fingerprints that have APT41 written all over them. APT41 is China’s regime-backed hacking group, made infamous when the U.S. Justice Department indicted five of its members in 2020.
APT41 hacks for the Chinese Communist Party (CCP), but also for criminal profit, across the United States, Europe, and Asia. France, Britain, Australia, and Chile are all targets. The CCP hackers conduct cyberespionage and cybercrime, including ransomware and the theft of virtual currency. They go beyond normal methods to insert their code surreptitiously into automatic updates to software you may already have on your computer.
Most recently, the hackers used vulnerabilities in normal programs that professionals use, including not only USAHERDS, used by 18 U.S. states, but also Log4j, loaded on millions of computers worldwide that run online services.

“It’s very unnerving to see this group everywhere,” Mandiant analyst Rufus Brown told Wired Magazine. “APT41 is going after any external-facing web application that can give them access to a network. Just very persistent, very continuous targeting.”

A hacker uses his computer in Dongguan, China's southern Guangdong Province, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)
Naive institutions that didn’t take quick action after a Dec. 10 warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) likely got hijacked. The warning probably alerted some of the CCP’s hacker army as well.

Within hours, they set about using the vulnerability for their own malign purposes, including “credential harvesting” that steals passwords and “backdoor code” implantations that provide hackers with ongoing access to victimized computers.

While much of the world focuses on the cyberthreat from Russia, given the Ukraine invasion and recent warnings from the government about an increased Russian hacker threat, the latest APT41 hack should remind us that the bigger long-term danger emanates from Beijing.

The CCP buys its way into computers as well, most recently by purchasing 21 Facebook ads in Azerbaijan, Hong Kong, Kazakhstan, Tajikistan, Turkmenistan, Uzbekistan, and, likely, many other countries. These ads repeat Russian propaganda about the Ukraine war, including anti-NATO messaging.

Another CCP campaign augments Russian conspiracy theories about “dangerous” U.S. biolabs in Ukraine. This propaganda could be part of a false flag operation to blame the United States for any future use, by Russia, of chemical or biological weapons.

On March 9, the U.S. State Department denied the allegations. “The United States does not own or operate any chemical or biological laboratories in Ukraine, it is in full compliance with its obligations under the Chemical Weapons Convention and Biological Weapons Convention, and it does not develop or possess such weapons anywhere. It is Russia that has active chemical and biological weapons programs and is in violation of the Chemical Weapons Convention and Biological Weapons Convention.”

The American public needs more transparency about not only the threat from Russia, which is increasingly serious, but from China as well. The U.S. State Department should denounce not only Russia, but China for its Ukraine-related propaganda against the United States.

Google should also be more transparent, fully disclosing to the public the states that APT41 breached to put them on public notice: improve cybersecurity or get voted out of office.

The Chinese regime’s global hacking and propaganda campaigns make clear that its organizations are criminal actors coordinating with other rogue states against democracy. Their links to Russia, Iran, and North Korea—all of which use hacking and propaganda as tools of illiberality—show that we need better protections of American and allied businesses and local governments. We should more effectively exclude these countries’ hackers from the global internet.

The U.S. Justice Department’s indictment of the five APT41 hackers in 2020 was in absentia, meaning that none of them were around to actually get convicted and serve time. Clearly, such symbolic slaps on the wrist are ineffective.

It’s time for the spirit of the American cowboy to bring out bigger guns: economic sanctions against the entire Chinese economy, only to be removed when the regime stops its hacking of America’s information privacy and ends its dangerous propagandizing, once and for all.

Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
Anders Corr has a bachelor's/master's in political science from Yale University (2001) and a doctorate in government from Harvard University (2008). He is a principal at Corr Analytics Inc., publisher of the Journal of Political Risk, and has conducted extensive research in North America, Europe, and Asia. His latest books are “The Concentration of Power: Institutionalization, Hierarchy, and Hegemony” (2021) and “Great Powers, Grand Strategies: the New Game in the South China Sea” (2018).