Chinese Spies Hacked a Livestock App to Breach US State Networks

The web-based software known as the Animal Health Emergency Reporting Diagnostic System, or USAHERDS, serves as a helpful digital tool for state governments to track and trace animal disease through populations of livestock. Now it's turned out to be a kind of infection vector of its own—in the hands of one of China's most prolific groups of hackers.

On Tuesday, the cybersecurity incident-response firm Mandiant revealed a long-running hacking campaign that breached at least six US state governments over the past year. Mandiant says the campaign, which it believes to have been the work of the notorious Chinese cyberespionage group APT41—also known as Barium, or as a part of the larger Chinese hacker group Winnti—used a vulnerability in USAHERDS to penetrate at least two of those targets. It may have hit many more, given that 18 states run USAHERDS on web servers, and any of those servers could have been commandeered by the hackers.

APT41 has gained a reputation as one of China's most aggressive hacking groups. The US Department of Justice indicted five of its members in absentia in 2020 and accused them of hacking into hundreds of victims' systems across Asia and the West, both for state-sponsored espionage and for profit. The group’s goal in this latest series of intrusions, or what data they may have been seeking, remains a mystery. But Mandiant analyst Rufus Brown says that it nonetheless shows just how active APT41 remains, and how inventive and thorough it's been searching for any toehold that might allow them into yet another set of targets—even an obscure livestock management tool most Americans have never heard of.