APT41 (also known as Double Dragon), a hacking group operating on behalf of the Chinese government, has compromised government networks in at least six US states, in part by exploiting a vulnerability in a livestock management application, according to Mandiant researchers.
Separately, Proofpoint researchers reported a rise in attacks by Chinese hackers on European governments. Both security companies said this week that Beijing has stepped up its cyber operations against Western countries.
According to Mandiant, APT41 broke into state government systems by exploiting a zero-day vulnerability in USAHerds, a web application used in the United States to track animal health and livestock populations. Once inside the networks, the attackers deployed custom malware that ran only in Windows memory; a scheduled task periodically relaunched it, which is how the in-memory payload persisted on the host even though nothing was left running continuously.
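The persistence pattern described above (a scheduled task that repeatedly relaunches an in-memory payload) is something a defender can hunt for in a scheduled-task export. The following is an added example written for this page, not code from Mandiant or from the original article, and it is not tied to any real APT41 task name. It scores each task in a constructed export whose header mimics a subset of the columns of `schtasks /query /fo CSV /v`; the sample rows, the scoring weights, the list of "memory-loader" binaries and the simplified `H:MM:SS` repeat-interval format are all assumptions made for illustration (a live export uses different column values and formatting, so the parser would need adjusting before running on real output).

```python
import csv
import io
import re
from dataclasses import dataclass, field

# Binaries commonly used to (re)load code into memory instead of running a new EXE.
# Assumed list for this example, not an exhaustive or authoritative one.
MEMORY_LOADERS = ("rundll32", "regsvr32", "mshta", "powershell", "pwsh",
                  "wscript", "cscript", "msbuild", "installutil", "regasm")
# Locations a legitimate vendor or OS task rarely launches from (assumed heuristic).
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\appdata|programdata|windows\\temp|users\\public|temp)\\", re.I)
# PowerShell encoded-command switches.
ENCODED_PS = re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.I)

# Constructed export: header modelled on a subset of `schtasks /query /fo CSV /v` columns.
SAMPLE_EXPORT = r'''"HostName","TaskName","Task To Run","Run As User","Schedule Type","Repeat: Every","Author"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o -$","SYSTEM","Weekly","N/A","Microsoft Corporation"
"WS01","\Adobe Acrobat Update Task","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe","INTERACTIVE","Daily","N/A","Adobe Systems Incorporated"
"WS01","\WinUpdateSvc","rundll32.exe C:\ProgramData\svc\ldr.dll,Start","SYSTEM","Daily","0:10:00","WS01\jsmith"
"WS01","\OfficeTelemetry","powershell.exe -w hidden -enc SQBFAFgA","INTERACTIVE","At logon","N/A","WS01\jsmith"
'''


@dataclass
class Finding:
    task: str
    score: int = 0
    reasons: list = field(default_factory=list)


def repeat_seconds(value):
    """Parse the (assumed) 'H:MM:SS' repeat interval; None when absent or 'N/A'."""
    m = re.fullmatch(r"(\d+):(\d{2}):(\d{2})", value.strip())
    if not m:
        return None
    h, mi, s = (int(x) for x in m.groups())
    return h * 3600 + mi * 60 + s


def score_task(row):
    """Apply the heuristics to one exported task and return a Finding."""
    cmd = row.get("Task To Run", "")
    user = row.get("Run As User", "")
    f = Finding(row.get("TaskName", "?"))
    if any(b in cmd.lower() for b in MEMORY_LOADERS):
        f.score += 2
        f.reasons.append("launches a memory-loader binary")
    if ENCODED_PS.search(cmd + " "):
        f.score += 2
        f.reasons.append("PowerShell encoded command")
    if USER_WRITABLE.search(cmd):
        f.score += 2
        f.reasons.append("payload in user-writable path")
        if user.upper() in ("SYSTEM", "NT AUTHORITY\\SYSTEM"):
            f.score += 1
            f.reasons.append("runs as SYSTEM from user-writable path")
    secs = repeat_seconds(row.get("Repeat: Every", ""))
    if secs is not None and secs <= 3600:
        f.score += 1
        f.reasons.append(f"relaunched every {secs}s")
    return f


def hunt(csv_text, threshold=3):
    """Return findings at or above the threshold, in export order."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [f for f in (score_task(r) for r in reader) if f.score >= threshold]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EXPORT):
        print(f"{f.task}: score {f.score}: {'; '.join(f.reasons)}")
```

Run it on a real host by replacing `SAMPLE_EXPORT` with the output of `schtasks /query /fo CSV /v` (after checking the column names and the repeat-interval format in that output). The point of scoring rather than matching a single indicator is that each attribute alone (a rundll32 task, a ten-minute repeat, a SYSTEM task) is common on clean systems; it is the combination that reproduces the behaviour in the report.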
The researchers named the malware KEYPLUG. It is a modular backdoor written in C++ that supports several network protocols for command-and-control (C&C) traffic, including HTTP, TCP, KCP over UDP and WSS (WebSocket over TLS). Supporting several transports lets the operators choose whichever one blends into a given network, so a detection that only inspects HTTP traffic can miss it.
The goal of the campaign has not been established. APT41 exfiltrated personally identifiable information from the compromised systems, but it is not yet known why.