How do you infiltrate US government computers when security experts are increasingly aware of your hacking campaigns? Send old-fashioned mail, apparently. The Multi-State Information Sharing and Analysis Center has warned officials of a China-based campaign that mails CDs loaded with malware. State institutions have received China-postmarked envelopes containing discs with virus-laden Word documents along with nonsensical letters. While it's not clear what the exact intent was, it looks as if the 'hackers' hoped to make their campaign seem more plausible by sending something physical.
The recipients aren't what you'd call prime targets. State-level archives, historical societies and one Department of Cultural Affairs have all received CDs. The Analysis Center didn't say whether or not anyone had inserted the discs. That doesn't seem very likely, mind you. If the postmarks and strange letters weren't enough to deter curious officials, the unlabeled discs were. And that's assuming they could load the discs in the first place -- there's no guarantee that a government PC will have an optical drive, let alone one that can handle a mini CD. Why not include USB drives instead?
There aren't clues as to the specific culprits. However, there is a history of Chinese hackers targeting organizations for exploratory purposes rather than stealing data or making a profit. This may be more about understanding state governments (if just to prepare for future attacks) than anything else.