Chinese APT40 group swiftly leverages public PoC exploits (Security News, July 2024)
Chinese state-sponsored cyber group APT40 is remarkably fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, warns an advisory released by intelligence and cybersecurity agencies from eight countries.
APT40 "appears to prefer exploiting vulnerable, public-facing infrastructure over techniques that require user interaction, such as phishing campaigns," and has been known to exploit vulnerabilities in software such as Log4j, Atlassian Confluence and Microsoft Exchange. The group has been observed to:
- Use web shells to secure persistence on target networks
- Use system commands for reconnaissance and a variety of methods to compromise valid credentials
- Impair targets' defenses by masking their activities and removing indicators of compromise
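The first and third items above are the ones a defender can act on directly: a web shell on a public-facing server is a script file the application never shipped that suddenly starts receiving POST requests (the operator sending it commands), and an actor that removes indicators of compromise will tamper with logs on the host itself. The script below is an added illustration of that detection logic, not code from the advisory, the ASD's reports or the Help Net Security article. It parses combined-format access log lines, which are constructed here for the example, and flags POSTs to server-side script paths that are absent from a known-good list; the known-good set (`KNOWN_SCRIPTS`) and the sample IPs and paths are assumptions, and in practice the list would come from the deployed application's manifest and the logs should be read from a copy shipped off-host, since the host's own logs may already have been cleaned.

```python
"""Flag likely web-shell traffic in web server access logs (added example).

Pattern: a POST to a server-side script path that is not part of the deployed
application. Sample log lines and the known-good script set are constructed
for this illustration; they are not from the advisory or the article.
"""
import re
from collections import defaultdict

# Constructed Apache/Nginx combined-format lines: normal login traffic from one
# client, then repeated POSTs to a script the application never shipped.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jul/2024:10:01:12 +0000] "GET /login.jsp HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jul/2024:10:01:15 +0000] "POST /login.jsp HTTP/1.1" 302 0 "https://example.test/login.jsp" "Mozilla/5.0"
203.0.113.44 - - [09/Jul/2024:10:05:01 +0000] "GET /images/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
203.0.113.44 - - [09/Jul/2024:10:06:40 +0000] "POST /uploads/cache.jsp HTTP/1.1" 200 212 "-" "python-requests/2.31"
203.0.113.44 - - [09/Jul/2024:10:06:42 +0000] "POST /uploads/cache.jsp?cmd=1 HTTP/1.1" 200 4096 "-" "python-requests/2.31"
203.0.113.44 - - [09/Jul/2024:10:07:01 +0000] "POST /uploads/cache.jsp HTTP/1.1" 200 118 "-" "python-requests/2.31"
"""

# Assumed known-good script paths; in reality derived from the deployment manifest.
KNOWN_SCRIPTS = {"/login.jsp", "/index.jsp"}

# Extensions that execute server-side; a POST to an unknown one is suspicious.
SCRIPT_EXT = (".jsp", ".jspx", ".aspx", ".ashx", ".php")

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format access log line; None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_webshell_candidates(log_text, known_scripts, min_posts=2):
    """Return {path: {"ips": set, "posts": n}} for server-side script paths that
    are not in known_scripts and received at least min_posts POST requests."""
    hits = defaultdict(lambda: {"ips": set(), "posts": 0})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # unparseable line; a real pipeline would count these too
        path = rec["path"].split("?", 1)[0]  # drop query string before matching
        if rec["method"] != "POST" or not path.lower().endswith(SCRIPT_EXT):
            continue
        if path in known_scripts:
            continue
        hits[path]["ips"].add(rec["ip"])
        hits[path]["posts"] += 1
    return {p: v for p, v in hits.items() if v["posts"] >= min_posts}


if __name__ == "__main__":
    for path, info in find_webshell_candidates(SAMPLE_LOG, KNOWN_SCRIPTS).items():
        print(f"{path}: {info['posts']} POSTs from {sorted(info['ips'])}")
```

Running it on the constructed log reports only `/uploads/cache.jsp`, with three POSTs from a single address; `/login.jsp` receives a POST too but is on the known-good list. The `min_posts` threshold suppresses one-off noise; lower it when hunting after a known intrusion, where a single POST to an unexpected script is already worth a look.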
The security advisory includes two anonymized investigative reports by the Australian Signals Directorate's Australian Cyber Security Centre, whose security experts helped investigate two of APT40's successful intrusions.
The reports point out the various tools, tactics and techniques employed by the cyberespionage-focused threat actor, including a predilection for compromising credentials for privileged accounts, and a penchant for using end-of-life or unpatched small-office/home-office devices as a launching point for attacks.
News URL
https://www.helpnetsecurity.com/2024/07/09/apt40-poc-exploits/
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
- Mitel MiCollab zero-day and PoC exploit unveiled
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits