Cow-counting app abused by China 'to spy on US states'
2022-03-09 00:08

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant.

Mandiant said APT41, aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in USAHerds, a web application agriculture officials use to track the health and density of the nation's livestock, as well as the Log4j flaw (Log4Shell), to break into US state government systems.

Speaking of APT41, Mandiant analyst Rufus Brown told The Register on Tuesday: "Lately, it's mainly just been focused on US state government networks, and also some areas within Southeast Asia that have been pretty highly targeted."

Mandiant's full report has the details of the techniques APT41 used to get into the American public sector, which range from SQL injection to directory traversal to deserialization attacks.
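The three exploit classes named above (SQL injection, directory traversal, deserialization) all leave traces in ordinary web-server access logs. The script below is an added example, not code from Mandiant or The Register, that scans a handful of constructed Common Log Format lines for crude indicators of each class, percent-decoding the request target repeatedly so that double-encoded traversal is not missed and noting whether the server answered with a success status. The log lines, IP addresses and URL paths are invented for the example and are not real APT41 traffic or USAHerds endpoints; the signatures are generic and are meant for triage, not as a substitute for the indicators in the report.

```python
import re
from urllib.parse import unquote
from typing import Dict, List

# Constructed sample access-log lines (Common Log Format). They are invented
# for this example and are not real APT41 traffic or real USAHerds paths.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Mar/2022:00:08:11 +0000] "GET /herds/search.aspx?county=Polk%27%20OR%201%3D1-- HTTP/1.1" 200 5123
203.0.113.10 - - [09/Mar/2022:00:08:12 +0000] "GET /static/../../web.config HTTP/1.1" 403 212
203.0.113.10 - - [09/Mar/2022:00:08:13 +0000] "GET /herds/report.aspx?path=..%252F..%252Fweb.config HTTP/1.1" 200 8811
203.0.113.10 - - [09/Mar/2022:00:08:14 +0000] "POST /herds/import.aspx?blob=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA HTTP/1.1" 500 0
198.51.100.7 - - [09/Mar/2022:00:09:01 +0000] "GET /herds/search.aspx?county=Polk HTTP/1.1" 200 5123
198.51.100.7 - - [09/Mar/2022:00:09:02 +0000] "GET /static/app.js HTTP/1.1" 200 33012
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Generic indicators for the three exploit classes. Dict order fixes the
# order in which categories are reported for a single request.
SIGNATURES = {
    # quote followed by OR/AND tautology, UNION SELECT, quote-semicolon, or trailing comment
    "sqli": re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*(or|and)\s+[\w']+\s*=\s*[\w']+|'\s*;|--\s*$)"),
    # dot-dot-slash in either direction, matched after decoding
    "traversal": re.compile(r"(\.\./|\.\.\\)"),
    # base64 Java stream header (0xACED0005), base64 .NET BinaryFormatter
    # header (00 01 00 00 00 FF FF FF FF), and PHP serialized-object prefix
    "deserialization": re.compile(r'(rO0AB|AAEAAAD/////|\bO:\d+:")'),
}


def decode_target(target: str, rounds: int = 2) -> str:
    """Percent-decode repeatedly so double-encoded payloads (..%252F) are caught."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan_log(text: str) -> List[Dict]:
    """Return one finding per request that matches at least one signature."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not CLF
        target = decode_target(m.group("target"))
        categories = [name for name, rx in SIGNATURES.items() if rx.search(target)]
        if not categories:
            continue
        status = int(m.group("status"))
        findings.append({
            "ip": m.group("ip"),
            "timestamp": m.group("ts"),
            "target": target,
            "categories": categories,
            "status": status,
            # a 2xx/3xx answer to an attack request deserves a closer look
            "succeeded": status < 400,
        })
    return findings


def summarize(findings: List[Dict]) -> Dict[str, Dict[str, int]]:
    """Count findings per source IP and category."""
    summary: Dict[str, Dict[str, int]] = {}
    for f in findings:
        per_ip = summary.setdefault(f["ip"], {})
        for cat in f["categories"]:
            per_ip[cat] = per_ip.get(cat, 0) + 1
    return summary


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        flag = "SUCCEEDED" if h["succeeded"] else "blocked"
        print(f'{h["ip"]} {h["timestamp"]} {",".join(h["categories"])} {flag}: {h["target"]}')
    print(summarize(hits))
```

Two of the four constructed attack requests in the sample returned a 200, which is the detail a responder would chase first: the double-encoded traversal that slipped past whatever blocked the plain `../` request, and the tautology injection against the search page.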

"KEYPLUG," said Mandiant, giving its nickname for APT41's Windows malware, "is a modular backdoor written in C++ that supports multiple network protocols for command and control traffic including HTTP, TCP, KCP over UDP, and WSS."

A US Health Sector Cybersecurity Coordination Center report from last year reiterated a previous Mandiant finding that APT41 was "attributable to Chinese individuals working on behalf of the Chinese government" who were also stealing data for private resale to enrich themselves.


Source: https://go.theregister.com/feed/www.theregister.com/2022/03/09/china_apt41_mandiant_usaherds/