Warning - APT40 Espionage Group At Work

Cyber security government agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, Britain and the US have released a joint advisory about a China-linked cyber espionage group called APT40.

The Australian Signals Directorate (ASD) has since published the advisory warning about a China state-sponsored hacking group exploiting small-office/home-office devices as launchpads for further cyber attacks.

This notification follows the director of Britain’s cyber and signals intelligence agency GCHQ warning earlier this year of the “genuine and increasing cyber risk” posed by China.

The hacking group is also known as Bronze Mohawk, Gingham Typhoon (formerly Gadolinium), ISLANDDREAMS, Kryptonite Panda, Leviathan, Red Ladon, TA423, and TEMP.Periscope, is known to be active since at least 2013, carrying out cyber attacks targeting entities in the Asia-Pacific region and it is thought to be based in Haikou.

In July 2021, the US and its allies said that the group is affiliated with China's Ministry of State Security (MSS), indicting several members of the hacking crew for orchestrating a multi-year campaign aimed at different sectors to facilitate the theft of trade secrets, intellectual property, and high-value information.

Over the past few years, APT40 has been linked to hacking attack waves and earlier this March, the New Zealand government said the threat actor to the compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021.

Notable among the tradecraft employed by the state-sponsored hacking crew is the deployment of web shells to establish persistence and maintain access to the victim's environment, as well as its use of Australian websites for command-and-control (C2) purposes.

To mitigate the risks posed by such threats, organisations are recommended to maintain adequate logging mechanisms, enforce multi-factor authentication (MFA), implement a robust patch management system, replace end-of-life equipment, disable unused services, ports, and protocols, and segment networks to prevent access to sensitive data.

A spokesperson for the Chinese embassy in Canberra said China had a "consistent and clear position on this issue". "We oppose any groundless smears and accusations against China," the spokesperson said. "Keeping the cyberspace safe is a global challenge. In fact, China is a major victim of cyber attacks.

"We keep a firm stance against all forms of cyber attacks and resort to lawful methods in tackling them. China does not encourage, support or condone attacks launched by hackers."

The Hacker News     |     CISA     |     The Record     |     ABC     |     NBC News     |     Wall Street Journal

You Might Also Read: 

Chinese Hackers Have A Global Impact:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Human Error - The Weakest Point In Cyber Security 
Ransomware Attack Hits Global Card Processing Company »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Cysec - TU Darmstadt

Cysec - TU Darmstadt

CYSEC is the Cybersecurity faculty of the Technical University of Darmstadt and performs internationally renowned research in numerous areas of cybersecurity.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

DeVry University - Cyber Security Degree

DeVry University - Cyber Security Degree

Explore the dynamic world of data protection with a hybrid or online cyber security degree specialization with DeVry's IT & Networking Bachelor's Degree.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.

Faddom

Faddom

Faddom is an agentless tool that visualizes your on-premises and cloud infrastructure, as well as their inter-dependencies.

Right Hand Technology Group (RHTG)

Right Hand Technology Group (RHTG)

Right Hand Technology Group is a premier provider of IT services specializing in cybersecurity, managed IT solutions, and compliance.