According to Mandiant, the Chinese state-sponsored threat group tracked as APT41 has compromised multiple U.S. state government networks.
The group successfully penetrated at least six U.S. state networks during a months-long campaign.
The group used vulnerable internet-facing web applications to gain an initial foothold in state networks. This included exploiting a zero-day vulnerability in USAHerds, an animal health management application used by 18 states, and the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j, a ubiquitous Java logging library.
The compromise of two U.S. state government networks, along with other targets in the insurance and telecommunications industries, resulted from APT41 exploiting Log4Shell within hours of the Apache Software Foundation's public advisory. After gaining a foothold on a network, APT41 went on to collect credentials.
The investigation uncovered a variety of new techniques, evasion methods, and capabilities. In one case, two weeks after Mandiant identified the vulnerability in a proprietary web application that APT41 had used to gain access to a network, the group returned with a new zero-day exploit. The group also used a dead-drop resolver for command and control: the attackers updated the content of a specific public forum post on a regular basis, and the malware read that post to retrieve its current instructions rather than carrying a hard-coded server address.
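The dead-drop pattern described above is worth seeing end to end, since it is what makes the technique hard to spot: the implant's only network traffic is a fetch of a legitimate forum page, and the attacker changes the server simply by editing the post. The following is an added illustration written for this page, not APT41 code or data from Mandiant's report. The forum post, the `[[cfg:` marker convention and the base64 `host:port` encoding are all constructed assumptions; real implants use their own encodings, but the mechanism is the same. The last function shows the defender's side: scanning post content for encoded endpoints without knowing the marker in advance.

```python
"""Illustration of a dead-drop resolver (DDR) for C2, with a defender-side scan.
Constructed example for this article; no real APT41 code, data or indicators."""
import base64
import re
from typing import List, Optional, Tuple

# Assumed marker convention: hypothetical, chosen for the example only.
MARKER_START = "[[cfg:"
MARKER_END = "]]"

# Defender heuristics: a base64-looking token, and a decoded "host:port" record.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")
ENDPOINT_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})$")


def make_post(host: str, port: int) -> str:
    """Attacker side: hide the current C2 endpoint inside an innocuous forum post.
    Rotating the server is just re-posting with a new host/port."""
    blob = base64.b64encode(f"{host}:{port}".encode("ascii")).decode("ascii")
    return (
        "Re: driver update for my GPU\n"
        "Tried the 2.1 build, same crash. Rolled back for now.\n"
        f"{MARKER_START}{blob}{MARKER_END}\n"
        "Will post logs when I get home.\n"
    )


def resolve_c2(post_text: str) -> Optional[Tuple[str, int]]:
    """Implant side: pull the endpoint out of the fetched post.
    Returns None if the post carries no (or a malformed) record, so the implant
    can simply retry later instead of crashing on an edited or deleted post."""
    pattern = re.escape(MARKER_START) + r"([A-Za-z0-9+/=]+)" + re.escape(MARKER_END)
    match = re.search(pattern, post_text)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True).decode("ascii")
        host, port = raw.rsplit(":", 1)
        return host, int(port)
    except (ValueError, UnicodeDecodeError):
        return None


def find_hidden_endpoints(post_text: str) -> List[Tuple[str, int]]:
    """Defender side: without knowing the marker, flag any base64 token in the
    post that decodes to a plausible host:port record. A hit on a page that a
    host fetched from an unexpected process is a strong hunting lead."""
    found = []
    for token in B64_TOKEN_RE.findall(post_text):
        try:
            raw = base64.b64decode(token, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # ordinary text that happened to look like base64
        m = ENDPOINT_RE.match(raw)
        if m and 0 < int(m.group(2)) < 65536:
            found.append((m.group(1), int(m.group(2))))
    return found


if __name__ == "__main__":
    # Constructed endpoints from the documentation-reserved range, not real servers.
    post = make_post("203.0.113.7", 443)
    print(resolve_c2(post))               # implant reads ('203.0.113.7', 443)
    post = make_post("198.51.100.20", 8443)  # attacker edits the post to rotate C2
    print(resolve_c2(post))               # implant now reads the new endpoint
    print(find_hidden_endpoints(post))    # defender's scan recovers the same record
```

The defender-side scan is deliberately marker-agnostic: the useful signal is that a "forum post" contains a token which decodes to a network endpoint, combined with the host-level context of which process fetched it. Blocking the forum itself is rarely an option, which is exactly why the technique is chosen.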
The goal of the campaign remains unclear, but whatever the group is after must be of high value.
While the world is focused on the potential of Russian cyber threats in the wake of the invasion of Ukraine, other major threat actors around the world are continuing their operations as usual, according to the principal threat analyst at Mandiant.
The campaign by APT41, one of the most prolific threat actors active today, continues, and other cyber activity cannot be allowed to fall by the wayside.
Related: Justice Department charges five Chinese members of APT41 over cyberattacks on US companies