US state flagged bugs in software exploited in alleged China hack

Kuala Lumpur, Malaysia – The US state of Montana suspended use of an agricultural database to improve its security months before its developer had to fix security flaws that were exposed in a suspected Chinese state-sponsored cyberattack, newly obtained documents show.

The Montana Department of Agriculture temporarily took the USAHERDS web-based software offline last year to allow the application’s developer to beef up security following an unspecified “event,” according to the documents obtained by Al Jazeera.

The security upgrade came several months before Acclaim Systems, the Pennsylvania-based developer of the application, released a patch in November to fix vulnerabilities exploited in an alleged hacking campaign by APT41, a China-based group that cybersecurity experts and US officials say carries out espionage on behalf of Beijing.

It is unclear if the event that prompted the more recent changes to USAHERDS, which is used to track livestock by at least 18 US states, had any connection to the APT41 attack, which was revealed in March following an investigation by US cybersecurity firm Mandiant.

Mandiant’s report into that hacking campaign said APT41 had compromised the networks of at least six US state governments but did not mention any of the states by name.

China has repeatedly said it opposes all cyberattacks and would never support or encourage such activity.

In a letter to Montana’s agriculture department last year, Acclaim Systems Executive Director David P Burgess said that changes his firm had been requested to implement following an “event” in Montana had been “completed and tested” and could be “deployed to your staging area for testing when you allow it”.

“This letter is to outline that we have made those suggested changes so that this application can be brought back online for use in Montana,” Burgess said in the letter, which is dated August 6, 2021.

The exact nature of the event and the security changes, including who requested them, are unclear as officials in Montana, a mostly rural, western state, redacted significant portions of the letter before releasing it to Al Jazeera, although the visible text shows that the security upgrade included new coding.

Burgess’s letter also refers to “other requests” his firm has received from the department and expresses his desire to address “other areas of concern”.

“We are doing our part to help harden this environment,” Burgess said.

In October, when Mandiant says APT41’s exploitation of USAHERDS became widespread across multiple states, Montana’s agriculture department received a notification from a United States government-backed cyber threat monitoring centre advising that the application had been compromised, the documents also show.

The contents of the alert, which was sent by the Multi-State Information Sharing and Analysis Center, were redacted in full by state officials before its release.

Al Jazeera obtained the letter and other related documents via a public records request with Montana’s agriculture department.

The Montana Department of Agriculture, Montana Department of Administration, Acclaim Systems representatives, and Mandiant either declined to comment or did not respond to inquiries. The National Agribusiness Technology Center, a non-profit corporation that oversees the USAHERDS network, also did not respond to a request for comment.

Agriculture has become an increasingly common target for cyberattacks in recent years amid the sector’s growing digitalisation and perceptions that it is a soft target compared with other industries, according to cybersecurity experts.

The US cybersecurity firm CrowdStrike said in a 2020 report that it had witnessed a tenfold increase in cyber intrusions affecting the agriculture industry during a 10-month period alone.

In April, the Federal Bureau of Investigation issued an advisory warning farmers to be on guard against ransomware attacks during the harvest and planting seasons, pointing to a series of attacks on grain companies and agricultural coops during the previous year.

Adam Meyers, head of intelligence at CrowdStrike, said the agricultural sector has become a valuable target for both cybercriminals and state actors, with Chinese and North Korean-affiliated hackers leading industrial espionage efforts around the world.

“Both climate change and the conflict in Ukraine continue to put additional pressure on international food supplies as threats to agriculture continue to proliferate,” Meyers told Al Jazeera. “Digital agriculture continues to rely heavily on advanced technology, which is highly sought after for industrial espionage purposes.”