Warning - APT40 Espionage Group At Work

Cyber security government agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, Britain and the US have released a joint advisory about a China-linked cyber espionage group called APT40.

The Australian Signals Directorate (ASD) has since published the advisory warning about a China state-sponsored hacking group exploiting small-office/home-office devices as launchpads for further cyber attacks.

This notification follows the director of Britain’s cyber and signals intelligence agency GCHQ warning earlier this year of the “genuine and increasing cyber risk” posed by China.

The hacking group is also known as Bronze Mohawk, Gingham Typhoon (formerly Gadolinium), ISLANDDREAMS, Kryptonite Panda, Leviathan, Red Ladon, TA423, and TEMP.Periscope, is known to be active since at least 2013, carrying out cyber attacks targeting entities in the Asia-Pacific region and it is thought to be based in Haikou.

In July 2021, the US and its allies said that the group is affiliated with China's Ministry of State Security (MSS), indicting several members of the hacking crew for orchestrating a multi-year campaign aimed at different sectors to facilitate the theft of trade secrets, intellectual property, and high-value information.

Over the past few years, APT40 has been linked to hacking attack waves and earlier this March, the New Zealand government said the threat actor to the compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021.

Notable among the tradecraft employed by the state-sponsored hacking crew is the deployment of web shells to establish persistence and maintain access to the victim's environment, as well as its use of Australian websites for command-and-control (C2) purposes.

To mitigate the risks posed by such threats, organisations are recommended to maintain adequate logging mechanisms, enforce multi-factor authentication (MFA), implement a robust patch management system, replace end-of-life equipment, disable unused services, ports, and protocols, and segment networks to prevent access to sensitive data.

A spokesperson for the Chinese embassy in Canberra said China had a "consistent and clear position on this issue". "We oppose any groundless smears and accusations against China," the spokesperson said. "Keeping the cyberspace safe is a global challenge. In fact, China is a major victim of cyber attacks.

"We keep a firm stance against all forms of cyber attacks and resort to lawful methods in tackling them. China does not encourage, support or condone attacks launched by hackers."

The Hacker News     |     CISA     |     The Record     |     ABC     |     NBC News     |     Wall Street Journal

You Might Also Read: 

Chinese Hackers Have A Global Impact:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Human Error - The Weakest Point In Cyber Security 
Ransomware Attack Hits Global Card Processing Company »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

US Cyber Command (USCYBERCOM)

US Cyber Command (USCYBERCOM)

USCYBERCOM conducts activities to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

Halborn

Halborn

Elite blockchain cybersecurity. Award-winning ethical blockchain hackers to secure your stack end-to-end. Far beyond smart contracts.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

SecurityBridge

SecurityBridge

SecurityBridge provide a cybersecurity connection between our customers’ IT departments, the forward-facing business services, and their SAP applications.

Oxford Information Labs (OXIL)

Oxford Information Labs (OXIL)

Oxford Information Labs brings together world-class software programmers and policy experts to provide a unique mix of expertise and hands on technical solutions.

EasySec Solutions

EasySec Solutions

EasySec Solutions provides a cyber-security platform, based on a combination of the zero trust model and the software-defined security management.

Screwloose IT

Screwloose IT

Screwloose IT are a national provider of information technology services. We specialise in managed IT, cloud services, cyber security, website design and digital marketing for businesses of all sizes.