
US indicts members of Chinese-backed hacking group APT40
2021-07-19 14:44

Today, the US Department of Justice indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018.

Wu Shurong, one of the four Chinese nationals indicted today by the DOJ, was hired through Hainan Xiandun to create malware, to hack into the computer systems of foreign governments, companies, and universities to steal trade secrets, intellectual property, and other high-value information, and to supervise other Hainan Xiandun hackers.

According to the UK's National Cyber Security Centre, examples of APT40 activity include targeting maritime industries and naval defense contractors in the US and Europe, regional opponents of the Belt and Road Initiative, and multiple Cambodian electoral entities in the run-up to the 2018 election.

The APT40 operators used multiple tactics to breach their targets' networks, including spearphishing emails, hijacked credentials, and malware used to gain initial access to victim systems, move laterally within networks, and steal further credentials.

The NSA, CISA, and FBI also issued a joint cybersecurity advisory describing over 50 tactics, techniques, and procedures that APT40 and other Chinese state-sponsored threat groups have used in attacks targeting US and allied networks.

Last but not least, the indictment of the four APT40 members comes on the same day that the US and its allies, including the European Union, the United Kingdom, and NATO, officially accused China of coordinating this year's widespread Microsoft Exchange hacking campaign.


News URL

https://www.bleepingcomputer.com/news/security/us-indicts-members-of-chinese-backed-hacking-group-apt40/