It has been reported that security researchers have revealed a long-running hacking campaign that breached at least six US state governments over the past year. The Chinese cyberespionage group APT41 used a vulnerability in the web-based software USAHERDS to penetrate at least two of those targets. It may have hit many more, given that 18 states run USAHERDS on web servers. There is a Log4j tie here as well: when the Apache Log4j vulnerability was disclosed, APT41 began exploiting it almost immediately. No matter which vulnerability was being used, once inside the networks, APT41 tailored malware to the victim's environment in order to make the attacks as effective as possible.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.