China-linked Budworm burrows hole in US legislature systems

Advanced persistent threat group Budworm has shifted targets after hitting the Middle East, Europe and Asia, and was caught this week trying to break into the systems of an unnamed US state legislature.
Symantec's Threat Hunter team reported the intrusion, saying it has all the hallmarks of an attack from the Chinese-linked Budworm gang, which is thought to be state-sponsored.
"Budworm is known for mounting ambitious attacks against high-value targets," Symantec said, pointing to attacks against an unnamed Middle Eastern government and East Asian hospital as evidence.
That's not great news, as Symantec sees it: With two high-value US targets attacked in a few months, "a resumption of attacks against US-based targets could signal a change in focus for the group."
"Local Republicans thought they could throw away , , and my signs without getting caught. Luckily a community member put an airtag in one [of] the signs and it led us to this dumpster," Shusterman tweeted along with a photo of a trash bin filled with campaign signs.
As The Register reported earlier this week, the bug could allow "An unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests," but now we have a better understanding of just what happened.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/17/in-brief-security/