APT41 Spies Broke Into 6 US State Networks via a Livestock App

The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.

USAHerds – an app used (PDF) by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups.

In a report published by Mandiant on Tuesday, researchers described a prolonged incursion conducted by APT41. They detected the activity in May 2021 and tracked it through last month, February 2022, observing the spy group pry open vulnerable, internet-facing web apps that were often written in ASP.NET.

APT41 – aka Winnti, Barium, Wicked Panda or Wicked Spider – is an advanced persistent threat (APT) actor known for nation state-backed cyberespionage, supply-chain hits and profit-driven cybercrime.

What’s the Point?

APT41’s goals are unknown, researchers said, though they’ve observed evidence of the attackers exfiltrating personal identifiable information (PII).

“Although the victimology and targeting of PII data is consistent with an espionage operation, Mandiant cannot make a definitive assessment at this time given APT41’s history of moonlighting for personal financial gain,” they

Read More: https://threatpost.com/apt41-spies-broke-into-6-us-state-networks-via-livestock-app/178838/