A prolific state-backed hacker group from China has penetrated the networks of at least six state governments in the U.S., new research from cybersecurity firm Mandiant reveals.
While we don’t know which state governments were affected by the hacking campaign, researchers say the group responsible is APT41—a well-known threat actor that has a long history of stirring up trouble. In this case, the group is said to have spent the last year exploiting a number of vulnerable platforms and programs to worm their way into public agencies. The intent of the hacking campaign is somewhat unclear, though APT41 is known for its cyber espionage capabilities.
In several cases, the hackers are said to have exploited an insecure farming app called USAHERDS—short for the Animal Health Emergency Reporting Diagnostic System—which is used by state governments to trace diseases in local livestock populations. USAHERDS, which is used by at least 18 different states, had a previously unknown zero-day vulnerability which allowed the hackers to compromise any server running the program. In other cases, APT41 exploited log4j, the unfortunate, widely-used open-source software program that was recently discovered to have major security flaws.
APT41, which also goes by the monikers “Barium” and “Winnti,” is thought to have been active since as far back as 2012. In addition to conducting espionage campaigns on behalf of the Chinese government, it is also known for its significant cybercrime operations. In 2020, five alleged members of the group were indicted in absentia by the U.S. Justice Department for a gargantuan hacking spree that involved intrusions into the networks of dozens of private companies and the theft of millions of dollars. The indictment further alleged the group was also involved in a diverse array of criminal activities, including crypto-jacking, ransomware, and the theft of all kinds of corporate proprietary information, including “source code, software code signing certificates, customer account data, and valuable business information.”