Skip to main content

China's APT40 gang is ready to attack vulns within hours or days of public release

posted onJuly 9, 2024
by l33tdawg
Wikipedia
Credit: Wikipedia

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours.

The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China (PRC) as that sponsor. The agencies that authored the advisory – which come from Australia, the US, Canada, New Zealand, Japan, South Korea, the UK, and Germany – believe APT40 "conducts malicious cyber operations for the PRC Ministry of State Security (MSS)."

Development of the advisory was led by Australia, because the Cyber Security Centre (ACSC) at the nation's Signals Directorate was made aware in 2022 of an APT40 attack on an unidentified local organization. The ACSC secured the victim org's permission and "deployed host-based sensors to likely affected hosts on the organization's network." Info that flowed from those sensors allowed ACSC incident response analysts to map APT40 activities.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th