Report
severity: High
2022-03-08
APT41 compromises at least six U.S. state government networks
published by Mandiant
Actor
Chinese state-affiliated group notable for blending espionage with financially motivated operations (game-industry currency theft, cryptocurrency). Implicated in multiple software supply-chain compro…
Summary
Mandiant reported that APT41 successfully compromised at least six U.S. state government networks between May 2021 and February 2022 via web-application exploitation, including rapid weaponization of zero-day vulnerabilities in USAHerds and Log4j.
Tags
us-state-government, log4shell, usaherds