APT40

內容

APT40, also known as BRONZE MOHAWK (by Secureworks),[1] FEVERDREAM, G0065, GADOLINIUM (formerly by Microsoft),[2] Gingham Typhoon[3] (by Microsoft), GreenCrash, Hellsing (by Kaspersky),[4] Kryptonite Panda (by Crowdstrike), Leviathan (by Proofpoint),[5] MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat operated by the Hainan State Security Department, a branch of the Chinese Ministry of State Security located in Haikou, Hainan, China, and has been active since at least 2009.

APT40

Formationc. 2009[1]TypeAdvanced persistent threatPurposeCyberespionage,HeadquartersHainan Province

Region

Official language

Parent organization

Formerly called

APT40
Kryptonite Panda
Hellsing
Leviathan
TEMP.Periscope
Temp.Jumper
Gadolinium
GreenCrash
Bronze Mohawk

APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative.[6] APT40 is closely connected to Hafnium.[7]

On July 19, 2021, the U.S. Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation activities via front company Hainan Xiandun Technology Development Company.[6]

In March 2024, the New Zealand Government and its signals intelligence agency Government Communications Security Bureau accused the Chinese government via APT40 of breaching its parliamentary network in 2021.[8] In July 2024, eight nations released a joint advisory on APT40.[9]

  1. ^ "BRONZE MOHAWK | Secureworks". Archived from the original on 2022-07-02. Retrieved 2022-07-27.
  2. ^ "Microsoft Security—detecting empires in the cloud". Microsoft. 24 September 2020. Archived from the original on 27 July 2022. Retrieved 27 July 2022.
  3. ^ "How Microsoft names threat actors". Microsoft. Archived from the original on 10 July 2024. Retrieved 21 January 2024.
  4. ^ "Hellsing Targeted Attacks". 13 January 2021. Archived from the original on 27 July 2022. Retrieved 27 July 2022.
  5. ^ "Leviathan: Espionage actor spearphishes maritime and defense targets | Proofpoint US". 16 October 2017. Archived from the original on 28 May 2022. Retrieved 27 July 2022.
  6. ^ a b National Cyber Awareness System (19 July 2021). "Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China's MSS Hainan State Security Department". Cybersecurity and Infrastructure Security Agency. Archived from the original on 19 July 2021. Retrieved 19 July 2021.
  7. ^ Mackie, Kurt (July 19, 2021). "White House Says China's APT40 Responsible for Exchange Hacks, Ransomware Attacks -- Redmondmag.com". Redmondmag. Archived from the original on May 17, 2022. Retrieved April 24, 2022.
  8. ^ Pearse, Adam (26 March 2024). "Parliament systems targeted by China-based hackers". The New Zealand Herald. Archived from the original on 26 March 2024. Retrieved 28 March 2024.
  9. ^ Cherney, Mike (July 9, 2024). "U.S., Allies Issue Rare Warning on Chinese Hacking Group". The Wall Street Journal. Archived from the original on July 9, 2024. Retrieved July 9, 2024.
總結
APT40, also known as BRONZE MOHAWK, FEVERDREAM, G0065, GADOLINIUM, Gingham Typhoon, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat linked to the Chinese Ministry of State Security. Operating since 2009, APT40 targets governmental organizations, companies, and universities globally, using methods like malware, zero-days, phishing, and keylogging. The group is associated with cyber espionage activities in various industries and regions, including the US, Canada, Europe, the Middle East, and the South China Sea. APT40 has been accused of breaching networks in New Zealand and was indicted by the US Department of Justice in 2021. A joint advisory by eight nations was released in 2024 regarding APT40's activities. The group is closely connected to Hafnium and has been involved in cyberwarfare activities.