Security News > 2022 > October > China-linked Budworm burrows hole in US legislature systems

Advanced persistent threat group Budworm has shifted targets after hitting the Middle East, Europe and Asia, and was caught this week trying to break into the systems of an unnamed US state legislature.

Symantec's Threat Hunter team reported the intrusion, saying it has all the hallmarks of an attack from Chinese-linked Budworm gang, which is thought to be state-sponsored.

"Budworm is known for mounting ambitious attacks against high-value targets," Symantec said, pointing to attacks against an unnamed Middle Eastern government and East Asian hospital as evidence.

That's not great news, as Symantec sees it: With two high-value US targets attacked in a few months, "a resumption of attacks against US-based targets could signal a change in focus for the group."

"Local Republicans thought they could throw away , , and my signs without getting caught. Luckily a community member put an airtag in one [of] the signs and it led us to this dumpster," Shusterman tweeted along with a photo of a trash bin filled with campaign signs.

As The Register reported earlier this week, the bug could allow "An unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests," but now we have a better understanding of just what happened.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/17/in-brief-security/