
Global Security Agencies Issue Warning on APT40

The China-backed group often hits softer targets such as unpatched devices.


The UK’s National Cyber Security Centre has issued an alert on the evolution of Chinese state-sponsored attacks.

The agency - along with partners from Australia, the USA, Canada, New Zealand, Germany, the Republic of Korea and Japan - has focused on APT40, which it says is actively exploiting vulnerable small-office and home-office (SoHo) devices as a launching pad for attacks.

These devices are deemed to be “softer targets” when they are not running the latest software or are no longer supported with security updates, and they more easily conceal malicious traffic.

Regular Reconnaissance

An advisory by the Australian Cyber Security Centre said “APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.”

The group also regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets.

In particular, it conducts regular reconnaissance to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits. It has been conducting this activity since 2017.

Increasing Risk

The UK has previously attributed APT40 as being part of the Chinese Ministry of State Security. The alert follows a warning made by the Director of GCHQ in May about the “genuine and increasing cyber risk to the UK” posed by China.


Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

