Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation
2024-07-09 05:56

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release.

"APT 40 has previously targeted organizations in various countries, including Australia and the United States," the agencies said.

"Notably, APT 40 possesses the ability to quickly transform and adapt vulnerability proofs-of-concept for targeting, reconnaissance, and exploitation operations."

Over the past few years, APT40 has been linked to intrusion waves delivering the ScanBox reconnaissance framework, as well as to the exploitation of a security flaw in WinRAR as part of a phishing campaign targeting Papua New Guinea to deliver a backdoor dubbed BOXRAT. Then, earlier this March, the New Zealand government implicated the threat actor in the compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021.

"APT40 identifies new exploits within widely used public software such as Log4j, Atlassian Confluence, and Microsoft Exchange to target the infrastructure of the associated vulnerability," the authoring agencies said.

"APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies' countries, looking for opportunities to compromise its targets. This regular reconnaissance postures the group to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits."


News URL

https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html