Three separate Chinese state-sponsored advanced persistent threat groups have been observed targeting victims, including U.S. state governments, European diplomatic entities and Gmail accounts linked to the U.S. government. The first group, APT41, also known as Wicked Panda and Winti, is believed by researchers at Mandiant Inc. to have successfully compromised at least six U.S. state government networks. The APT did so by exploiting vulnerable internet-facing web applications, including using zero-day vulnerabilities in the USAHerds application and Apache Log4j. The campaign by APT41 ran between May 2021 and February 2022. While Chinese state-sponsored actors targeting networks in the west is not...