A group of hackers with links to the Chinese government compromised the computer networks in six U.S. state governments as part of a campaign that included the exploitation of internet-facing web applications and the use of the Log4j vulnerability, The Wall Street Journal reported Wednesday.

Cybersecurity firm Mandiant conducted investigations into the activity of the hacking group, called Advanced Persistent Threat 41, and found that the threat actors gained access to the computer systems of the state governments as part of the campaign that started in May 2021.

In February, two of the previously identified state governments were compromised again by the APT 41 group, according to researchers at Mandiant. They also found evidence of personal identifiable information being exfiltrated by the group.

“APT 41 continues to pose a significant threat to public and private organizations alike around the world,” said Geoff Ackerman, principal threat analyst at Mandiant. “We have found them everywhere, and that is unnerving.”

In December, the Cybersecurity and Infrastructure Security Agency urged federal civilian agencies to immediately patch the Log4j vulnerability.

The Department of Justice indicted five Chinese citizens in 2020 for alleged compromise of more than 100 companies in the U.S. and abroad. Federal prosecutors said those alleged threat actors were part of the APT 41 group and were linked to China’s state security ministry.

The Securities and Exchange Commission has proposed to amend its rules to improve and standardize disclosures by public companies regarding incident reporting, cybersecurity risk management, governance and strategy.

The proposal would require current reporting of material cyber incidents and periodic reporting to offer updates on previously reported attacks as well as direct periodic reporting of a registrant’s policies to manage cyber vulnerabilities and cyber risk oversight of the registrant’s board of directors, SEC said Wednesday.

SEC also proposed annual reporting requirements about the cyber expertise of the board of directors. Periodic reporting would also be required about the management’s role in cyber risk assessment and implementation of cyber policies.

“Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. … I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner,” said SEC Chair Gary Gensler.

“I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting,” Gensler added.

The proposed rules will be open for public comments once published in the Federal Register or on the commission’s website.

The FBI has reported that the RagnarLocker ransomware has affected 52 entities across 10 critical infrastructure sectors, including financial services, energy and information technology, as of January.

RagnarLocker, which the FBI came upon in April 2020, deploys with changing obfuscation techniques to stay unnoticed, the agency said in a FLASH report published on Monday.

Associated cyber actors use the “.RGNR_<ID>” extension for RagnarLocker and provide a .txt file containing the instructions to decrypt data locked by the ransomware.

RagnarLocker targets attached hard drives using CreateFileW, DeviceIoControl, GetLogicalDrives and SetVolumeMountPointA application programming interfaces on Windows.

The ransomware terminates services that managed service providers use to remotely handle networks, then locks files via encryption. The malware also prevents file recovery by deleting volume shadow copies.

FBI recommends organizations implement a number of mitigation practices, such as securing back-ups, patching computers and using multi-factor authentication.