APT40 (Advanced Persistent Threat 40)
6th September 2024
The UK, along with its international allies, has released a new alert shedding light on how China state-sponsored actors have advanced their cyber attack techniques.
The National Cyber Security Centre (NCSC), a branch of GCHQ, in collaboration with partners from Australia, the US, Canada, New Zealand, Germany, South Korea, and Japan, has issued an advisory. This document focuses on a China state-sponsored cyber actor's assaults on Australian networks.
The UK has previously identified APT40 (Advanced Persistent Threat 40) as part of the Chinese Ministry of State Security, and it is this cyber threat group that is now targeting small-office and home-office (SOHO) devices, which are often more vulnerable. These devices are easier to exploit when they lack the latest software updates or security patches, which makes it simpler to hide malicious activity, and they can serve as a backdoor route to bigger targets.
Notably, APT40 regularly conducts reconnaissance against networks of interest, looking for opportunities to compromise its targets. This regular reconnaissance enables the group to identify vulnerable, end-of-life or no longer maintained devices on those networks, and to rapidly deploy exploits, with the ability to immediately transform and adapt a target's own proof-of-concept (POC) code to use against it.
These techniques are widely used by other China state-sponsored actors around the globe and, alarmingly, APT40 continues to find success exploiting vulnerabilities from as early as 2017.
The advisory has provided two technical case studies to help network defenders identify and counter these threats. Network defenders are urged to follow the latest advice to detect and mitigate these cyber threats.