"APT41 Spies Broke Into 6 US State Networks via a Livestock App"

Researchers at Mandiant have published a report describing an attack conducted by the China-affiliated state-sponsored cyberespionage group APT41, also known as Winnti, Barium, Wicked Panda, or Wicked Spider. The group used Log4j vulnerabilities along with zero-day flaws in the USAHerds animal-tracking app to infiltrate multiple US state networks. The researchers detected APT41 activity in May 2021 and tracked it through February 2022, finding the group probing vulnerable Internet-facing web apps, often written in ASP.NET. In addition to nation-state-backed cyberespionage, APT41 is known for supply chain attacks and profit-driven cybercrime. According to Mandiant, APT41 hacked into the state networks by exploiting a zero-day vulnerability in USAHerds that stems from the app's use of hard-coded credentials. Exploiting this flaw enables Remote Code Execution (RCE) on the system that runs the USAHerds app. Mandiant's analysis found that APT41 began mounting attacks exploiting Log4j vulnerabilities within hours of the initial public disclosure of the flaws. They used the vulnerabilities to install backdoors on systems that would give them ongoing access later. This article continues to discuss APT41's infiltration of 6 US state networks through the exploitation of zero-day bugs in the USAHerds app and of Log4j vulnerabilities.

Threatpost reports "APT41 Spies Broke Into 6 US State Networks via a Livestock App"