Security News > 2024 > July > Chinese APT40 group swifly leverages public PoC exploits

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns.

APT 40 "Appears to prefer exploiting vulnerable, public-facing infrastructure over techniques that require user interaction, such as phishing campaigns," and has been known to exploit vulnerabilities in software such as Log4J, Atlassian Confluence and Microsoft Exchange.

Use web shells to secure persistence on target networks Use system commands for reconnaissance and a variety of methods to compromise valid credentials.

Impair targets' defenses, masking their activities, and removing indicators of compromise.

The security advisory includes two anonymized investigative reports by the Australian Signals Directorate's Australian Cyber Security Centre, whose security experts helped investigate two of APT40's successful intrusions.

The reports point out the various tools, tactics and techniques employed by the cyberespionage-focused threat actor, including a predilection for compromising credentials for privileged accounts, and a penchant for using end-of-life or unpatched small-office/home-office devices as a launching point for attacks.

News URL

https://www.helpnetsecurity.com/2024/07/09/apt40-poc-exploits/