Cow-counting app 'abused by China to spy on US govt'
2022-03-09 00:08

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant.

Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used for tracking the health and density of the nation's livestock, as well as the Log4j flaw, to break into American public-sector systems.

Speaking of APT41, Mandiant analyst Rufus Brown told The Register on Tuesday: "Lately, it's mainly just been focused on US state government networks, and also some areas within Southeast Asia that have been pretty highly targeted."

Mandiant's full report gives the details of APT41's exploits, which range from SQL injections to directory traversal to deserialization attacks, and which led to its intrusions into US state government systems.

"KEYPLUG," said Mandiant, giving its nickname for APT41's Windows malware, "is a modular backdoor written in C++ that supports multiple network protocols for command and control traffic including HTTP, TCP, KCP over UDP, and WSS."

A US Health Sector Cybersecurity Coordination Center report [PDF] from last year reiterated a previous Mandiant finding that APT41 was "attributable to Chinese individuals working on behalf of the Chinese government" who were also stealing data for private resale to enrich themselves.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/09/china_apt41_mandiant/