Chinese government-affiliated hacker group 'APT41' reported to have compromised government networks in at least six US states by exploiting vulnerabilities such as Log4Shell



Mandiant, a cyber security company whose acquisition by Google was announced on March 8, 2022, has reported evidence that the hacker group 'APT41', which is said to receive state support from the Chinese government, has intruded into US state government networks.

Does This Look Infected? A Summary of APT41 Targeting US State Governments | Mandiant
https://www.mandiant.com/resources/apt41-us-state-governments

Hackers linked to Chinese government invaded US state networks, security firm says | South China Morning Post
https://www.scmp.com/news/china/diplomacy/article/3169750/hackers-linked-chinese-government-have-invaded-state-networks

Cyber firm: At least 6 US state governments hacked by China | AP News
https://apnews.com/article/technology-business-china-united-states-hacking-ffa2120239eb687ce1979bf9599dfea5

According to Mandiant, between May 2021 and February 2022 APT41 broke into networks used by state governments by exploiting vulnerabilities in Internet-facing web applications. The exploited vulnerabilities included a previously unknown zero-day in 'USA Herds', an animal health management application used in 18 states, as well as 'Log4Shell', which has been described as one of the worst vulnerabilities of the past decade. APT41 began abusing Log4Shell within hours of the advisory's release, and through it compromised government networks in at least two states.

Below is a timeline of the series of attacks that APT41 launched against US state governments. In May 2021, a deserialization attack on a web application was launched against one state. On July 14, the same deserialization attack was launched in different states, and on July 29 the aforementioned USA Herds zero-day was first exploited. Attacks on USA Herds were launched against two states in October and against another state in December. Also in December, a new attack exploiting Log4Shell began, which as of February 28, 2022 was found to have compromised two states.



At least six state government networks were compromised by this series of attacks. Mandiant declined to say which states' networks were affected, and the National Governors Association declined to comment at the time of reporting.

As mentioned earlier, these attacks took place between May 2021 and February 2022. The US had already charged five APT41 hackers on September 16, 2020, which led Mandiant to comment, 'The charges could not prevent the attack.'

U.S. authorities prosecute Chinese cybercriminals in hacking cases targeting more than 100 companies and institutions - GIGAZINE



The US side says that APT41 'receives state support from the Chinese government', while the Chinese side dismisses this as 'unfounded speculation'. Typical of the attacks attributed to APT41 so far are those carried out around March 2020 against institutions involved in novel coronavirus research, such as government facilities, medical institutions, research institutes and pharmaceutical companies.

China turns out to be hacking new coronavirus research institutes on a large scale - GIGAZINE



In addition, it was announced on March 8, 2022, the same day as this report, that Mandiant, which reported the APT41 attacks, will be acquired by Google for $5.4 billion (about 625 billion yen) and integrated into Google Cloud.




in Security, Posted by darkhorse_log