The China-backed group often hits softer targets such as unpatched devices.
The UK’s National Cyber Security Centre has issued an alert on the evolution of Chinese state-sponsored attacks.
The agency - along with partners from Australia, the USA, Canada, New Zealand, Germany, the Republic of Korea and Japan - has focused on APT40, which it says is actively exploiting vulnerable small-office and home-office (SoHo) devices as a launching pad for attacks.
These devices are targeted because they are deemed “softer targets”: they are often not running the latest software or are no longer supported with security updates, and they more easily conceal malicious traffic.
Regular Reconnaissance
An advisory by the Australian Cyber Security Centre said “APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.”
The group also regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets.
In particular, the group conducts regular reconnaissance to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits against them. It has been conducting this activity since 2017.
Increasing Risk
The UK has previously attributed APT40 as being part of the Chinese Ministry of State Security, and this alert follows a warning made by the Director of GCHQ in May about the “genuine and increasing cyber risk to the UK” posed by China.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.