In a recent blog post by Mandiant, security researchers detail techniques used by the Chinese state-sponsored threat actor APT41 against the government networks of multiple U.S. states between May 2021 and February 2022. During this period, the company observed the use of various zero-day vulnerabilities, including the notorious Log4j vulnerability, to successfully compromise applications used by at least six states. One of those applications was USAHerds, which assists in tracking animal disease outbreaks; it was exploited with a unique zero-day that was likely discovered by APT41 members themselves.
This campaign is a continued demonstration of China's determination and maturity when targeting U.S. government networks. In addition to the previously unknown USAHerds vulnerability (for which a patch is now available), the blog specifically notes how rapidly APT41 integrated Log4j into their attacks, within hours of its public disclosure. Since the primary goal of APT41 was establishing a more secure foothold in U.S. state networks, the attack surface they are willing to exploit is broad. Any vulnerable external web application server, such as USAHerds, is an attractive target for obtaining a presence on the network and installing backdoors for further activity. Read more at Mandiant.