Targeting of American state governments' networks
Date of report
  • March 2022
The Chinese cyber threat group APT41 conducted an extended campaign targeting the networks of at least six U.S. state governments. For over a year, APT41 exploited internet-facing web applications and leveraged a zero-day vulnerability in the USAHerds application used by many state governments, gaining access to the broader networks of state governments. 
Suspected victims
  • The networks of at least six U.S. state governments
Suspected state sponsor
  • China
Type of incident
  • Espionage
Target category
  • Government
Victim government reaction
  • Unknown