An app used by farmers to speed their response to threats to livestock, USAHerds, has allowed one of China's state-sponsored espionage groups to access six U.S. state networks. Mandiant detected the activity, a prolonged incursion by APT41, in May 2021 and tracked it until February 2022. The group broke in through vulnerable, internet-facing web apps, often written in ASP.NET. Because APT41 used a zero-day flaw in USAHerds, any internet-exposed server running USAHerds could have been compromised, so more victims than the six state networks are expected.
APT41, also known as Winnti, Barium, Wicked Panda or Wicked Spider, is an advanced persistent threat (APT) actor known for state-backed cyberespionage, profit-driven cybercrime and supply-chain attacks. The goals of this operation are unknown, although personally identifiable information has been exfiltrated. Mandiant has not determined whether the operation was espionage or was carried out for APT41's own financial gain.
Read more: APT41 Spies Broke Into 6 US State Networks via a Livestock App