APT41, a Chinese-affiliated state-sponsored threat actor, breached at least six state government networks in the United States between May 2021 and February 2022 by retooling its attack vectors to exploit vulnerable internet-facing web applications. The exploited vulnerabilities included “a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in Log4j (CVE-2021-44228),” according to Mandiant researchers in a report issued Tuesday. The persistent attacks involved weaponizing exploits for deserialization, SQL injection, and directory traversal vulnerabilities, in addition to web compromises, according to the cybersecurity and incident response firm. The prominent advanced persistent threat, also known...