Global Security Agencies Issue Warning on APT40

The China-backed group often hits softer targets such as unpatched devices.


The UK’s National Cyber Security Centre has issued an alert on the evolution of Chinese state-sponsored attacks.

The agency - along with partners from Australia, USA, Canada, New Zealand, Germany, the Republic of Korea and Japan - has focused on APT40, which it says is actively exploiting vulnerable small-office and home-office (SoHo) devices as a launching pad for attacks.

These devices are deemed to be “softer targets” when they are not running the latest software or are no longer supported with security updates, and they more easily conceal malicious traffic.

Regular Reconnaissance

An advisory by the Australian Cyber Security Centre said “APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.”

The group also regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets.

In particular, it conducts regular reconnaissance to identify vulnerable, end-of-life or no-longer-maintained devices on networks of interest, and to rapidly deploy exploits. It has been conducting this activity since 2017.

Increasing Risk

The UK has previously attributed APT40 as being part of the Chinese Ministry of State Security, and the alert follows a warning made by the Director of GCHQ in May about the “genuine and increasing cyber risk to the UK” posed by China.


Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
