Chinese state-sponsored cyberespionage group infiltrates multiple U.S. state governments

Starting in May 2021, Chinese state-sponsored cyberespionage group APT41 targeted, and in several instances penetrated, the systems of U.S. state governments. Attempts to infiltrate the systems were initially thwarted by cybersecurity firm Mandiant. However, the group persevered and used a vulnerability in USAHerds, a commercial software application used by state governments for agricultural tracking purposes, to eventually break in. While at least 18 state agencies employed the software, Mandiant assessed that only three states had their systems breached. The cyber-campaign escalated further with the disclosure of a vulnerability in the popular Log4j logging tool in December 2021. The campaign was still ongoing as of March 2022, with Mandiant finding that two more state systems were breached at the end of February 2022. APT41 has been tied to China’s Ministry of State Security by U.S. intelligence officials and has historically performed both state-sponsored and financially motivated cyberattacks.

About This Incident

Threat Actors: China

Incident Metadata

Date: May 2021 - Ongoing
Country: United States
Source: Source Source 2