A hacker group backed by the Chinese government has breached the networks of at least six US state governments in the past year.
Experts are warning of a group of cybercriminals that has been targeting state government computer networks in the United States, according to a new report from American cybersecurity firm Mandiant.
The hacker collective, known as APT41, has been deliberately cyber-attacking state-level government networks from May 2021 to February 2022.
The group has successfully comprised at least six states’ government networks through the “exploitation of vulnerable Internet-facing web applications, often written in ASP.NET,” the report noted.
In most of the successfully breached web applications, APT41 conducted deserialization attacks, which is when untrusted data is used to inflict a service attack (DoS attack), execute code, or bypass authentication.
Other times, the bad actors exploited SQL injection and directory traversal vulnerabilities, which is a common attack that utilizes malicious SQL code to access backend databases.
In those instances, Mandiant Managed Defense was able to detect and contain the attack; however, APT41 re-compromised the network using “exploiting a previously unknown zero-day vulnerability in a commercial-off-the-shelf (CoTS) application, USAHerds,” the report said.
The hacker collective has been deliberately cyber-attacking state-level government networks from May 2021 to February 2022.Silas Stein/dpa/Sipa USA
Experts at Mandiant said that the extent of the attacks and breaches could include more than six US states’ networks.
“We say ‘at least six states’ because there are likely more states affected, based on our research, analysis, and communications with law enforcement,” Rufus Brown, a senior threat analyst at Mandiant, told The Verge.
“We know that there are 18 states using USAHerds, so we assess that this is likely a broader campaign than the six states where we have confirmation,” he added.
As recently as February, APT41 re-compromised two US state governments it has previously breached in what appears to be a continuation of their campaign from 2021.
Mandiant said that while APT41’s goals remain unknown, their investigations into each of these breaches have illuminated “a variety of new techniques, malware variants, evasion methods, and capabilities.”
In other news, the creators of a chilling new horror game say that the title is so disturbing they’ve been forced to censor it on PlayStation.
Apple has announced updates to AirTags following claims that the coin-sized tracking devices are being used to stalk people.
And TikTok has announced new rules, banning users who deadname or misgender others.
This story originally appeared on The Sun and has been reproduced here with permission.