Sunday, March 13, 2022

New hacking activity by APT41 (China)

APT41 broke into at least six US state government networks, in part through a livestock application. According to Mandiant, the China-nexus state-sponsored group exploited the Log4j vulnerability (Log4Shell, CVE-2021-44228) as well as a zero-day in USAHerds, an animal-health tracking application used by state agriculture agencies, to gain access to multiple government networks. Mandiant attributes the USAHerds flaw to hard-coded ASP.NET machineKey values shared across every deployment, which let an attacker who recovered the keys forge ViewState data and execute code on any internet-exposed instance.

In a report published on Tuesday, Mandiant researchers described a prolonged campaign by APT41. They first detected the activity in May 2021 and tracked it through February 2022, watching the group break into vulnerable, internet-facing web applications, many of them written in ASP.NET.

APT41 – aka Winnti, Barium, Wicked Panda, or Wicked Spider – is an advanced persistent threat (APT) actor known for state-backed cyber espionage, software supply-chain compromises, and financially motivated cybercrime carried out alongside its state-directed work.

In September 2020, the US Department of Justice indicted five Chinese nationals linked to APT41 for allegedly hacking more than 100 companies and organizations in the US and abroad, including social-media firms, universities and telecoms.

https://www.mandiant.com/resources/apt41-us-state-governments

Tuesday, March 1, 2022

Toyota halted production at all 14 of its Japanese factories on Tuesday because of a cyberattack against Kojima Industries, an auto parts supplier. Kojima, whose website remained down as of Tuesday, first identified the attack on Saturday and then shut down its entire computer network to stop the malware from spreading. Toyota's Japanese plants account for roughly one-third of its annual production, so a single supplier's outage stopped a third of the company's output.

Lesson learned: you are only as secure as your least-secure vendor. Recommendations for managing supply chain risk:

  • Assign a higher likelihood to third-party compromise in threat models and vendor risk management policies; a supplier outage or breach is an operational risk to you, not just to the supplier.
  • Review the access levels granted to third-party MSPs, cloud providers and software vendors, and reduce them to the minimum each actually needs.
  • When existing partners fall short, require them to make specific, verifiable improvements within a set timeframe.
  • Do not do business with third parties whose security practices are inadequate.