APT41 Targeting U.S. State Government Networks
ID: 7c2d0388-2ab0-4738-9159-a8720ab3e546
STIX ID: report--7c2d0388-2ab0-4738-9159-a8720ab3e546
Threat Score: 92/100
Mandiant reports that APT41 conducted a months-long campaign (May 2021–Feb 2022) against U.S. state government networks. The group gained initial access by exploiting internet-facing ASP.NET web applications (notably a USAHerds zero-day and Log4j), deployed multiple malware families (KEYPLUG, DEADEYE, DUSTPAN), performed credential harvesting and Active Directory reconnaissance, and exfiltrated PII. The report includes detailed TTPs, IOCs (hashes, IPs, domains), and hunting/YARA rules.
