
Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

Friday, 26 July 2024

"APT40 has previously targeted organizations in various countries, including Australia and the United States," the agencies said. "Notably, APT40 possesses the ability to quickly transform and adapt vulnerability proofs-of-concept (PoCs) for targeting, reconnaissance, and exploitation operations."

The adversarial collective, also known as Bronze Mohawk, Gingham Typhoon (formerly Gadolinium), ISLANDDREAMS, Kryptonite Panda, Leviathan, Red Ladon, TA423, and TEMP.Periscope, has been active since at least 2011, carrying out cyber attacks against entities in the Asia-Pacific region. It is assessed to be based in Haikou.

In July 2021, the U.S. and its allies officially attributed the group as affiliated with China's Ministry of State Security (MSS), indicting several members of the hacking crew for orchestrating a multiyear campaign aimed at different sectors to facilitate the theft of trade secrets, intellectual property, and high-value information.

Over the past few years, APT40 has been linked to intrusion waves delivering the ScanBox reconnaissance framework as well as the exploitation of a security flaw in WinRAR (CVE-2023-38831, CVSS score: 7.8) as part of a phishing campaign targeting Papua New Guinea to deliver a backdoor dubbed BOXRAT.

Then, earlier this March, the New Zealand government implicated the threat actor in the 2021 compromise of the Parliamentary Counsel Office and the Parliamentary Service.
