Security News > 2024 > July > Chinese APT40 group swifly leverages public PoC exploits
Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns.
APT 40 "Appears to prefer exploiting vulnerable, public-facing infrastructure over techniques that require user interaction, such as phishing campaigns," and has been known to exploit vulnerabilities in software such as Log4J, Atlassian Confluence and Microsoft Exchange.
Use web shells to secure persistence on target networks Use system commands for reconnaissance and a variety of methods to compromise valid credentials.
Impair targets' defenses, masking their activities, and removing indicators of compromise.
The security advisory includes two anonymized investigative reports by the Australian Signals Directorate's Australian Cyber Security Centre, whose security experts helped investigate two of APT40's successful intrusions.
The reports point out the various tools, tactics and techniques employed by the cyberespionage-focused threat actor, including a predilection for compromising credentials for privileged accounts, and a penchant for using end-of-life or unpatched small-office/home-office devices as a launching point for attacks.
News URL
https://www.helpnetsecurity.com/2024/07/09/apt40-poc-exploits/
Related news
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- PoC exploit for SysAid pre-auth RCE released, upgrade quickly! (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)
- Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks (source)