China's APT40 gang is ready to attack vulns within hours or days of public release.
2024-07-09 02:33

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 - aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk - and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours.

The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China as that sponsor.

Development of the advisory was led by Australia, because the Cyber Security Centre at the nation's Signals Directorate was made aware in 2022 of an APT40 attack on an unidentified local organization.

The advisory is the result, and suggests that APT40 "possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) of new vulnerabilities and immediately utilize them against target networks possessing the infrastructure of the associated vulnerability." The gang also watches networks of interest to look for unpatched targets.

Some of the vulns APT40 targets are old news - Log4J, Atlassian Confluence.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/