GeoServer Flaw Exploited in US Federal Agency Hack

Several Chinese-backed APTs were able to breach US government agency systems.

A critical GeoServer vulnerability was exploited by attackers to breach a US federal civilian agency, enabling remote code execution and lateral movement across servers. The attackers deployed web shells like China Chopper, used privilege escalation techniques, and remained undetected for three weeks. CISA noted the agency missed key alerts and lacked endpoint protection, despite being within the patching window. While attribution remains unclear, the tools used suggest links to China-based threat groups such as APT41 and Silk Typhoon.

Read more:

https://www.securityweek.com/geoserver-flaw-exploited-in-us-federal-agency-hack/