A prolific state-backed hacker group from China has penetrated the networks of no less than six state governments within the U.S., new research from cybersecurity agency Mandiant reveals.

While we don’t know which state governments have been affected by the hacking marketing campaign, researchers say the group accountable is APT41—a well known risk actor that has an extended historical past of stirring up bother. In this case, the group is claimed to have spent the final 12 months exploiting a variety of susceptible platforms and applications to worm their approach into public companies. The intent of the hacking marketing campaign is considerably unclear, although APT41 is understood for its cyber espionage capabilities.

In a number of circumstances, the hackers are stated to have exploited an insecure farming app known as USAHERDS—quick for the Animal Health Emergency Reporting Diagnostic System—which is used by state governments to hint ailments in native livestock populations. USAHERDS, which is utilized by no less than 18 totally different states, had a beforehand unknown zero-day vulnerability which allowed the hackers to compromise any server operating this system. In different circumstances, APT41 exploited log4j, the unlucky, widely-used open-source software program program that was lately found to have main safety flaws.

APT41, which additionally goes by the monikers “Barium” and “Winnti,” is believed to have been energetic since way back to 2012. In addition to conducting espionage campaigns on behalf of the Chinese authorities, it is usually recognized for its important cybercrime operations. In 2020, 5 alleged members of the group were indicted in absentia by the U.S. Justice Department for a gargantuan hacking spree that concerned intrusions into the networks of dozens of personal firms and the theft of tens of millions of {dollars}. The indictment additional alleged the group was additionally concerned in a various array of legal actions, together with crypto-jacking, ransomware, and the theft of every kind of company proprietary data, together with “source code, software code signing certificates, customer account data, and valuable business information.”