
APT41 Spies Broke Into 6 US State Networks via a Livestock App
2022-03-09 21:10

"In most of the web application compromises, APT41 conducted .NET deserialization attacks; however, we have also observed APT41 exploiting SQL injection and directory traversal vulnerabilities," they said.

APT41 "heavily" used the Windows version of the KEYPLUG backdoor at state government victims between June 2021 and December 2021, researchers said.

"In two other instances, Mandiant began an investigation at one state agency only to find that APT41 had also compromised a separate, unrelated agency in the same state," according to Mandiant.

Late last month, APT41 circled back to re-compromise two previous U.S. state government victims.

Mandiant sketched out a timeline, replicated below, showing the attacks against state government networks.

"APT41's recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques," researchers concluded.


News URL

https://threatpost.com/apt41-spies-broke-into-6-us-state-networks-via-livestock-app/178838/