Joint Advisory Reveals Cyberthreat Actor APT40’s Tactics and How to Mitigate Them
The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have collaborated with global agency partners to release a Joint Cybersecurity Advisory about APT40, a People’s Republic of China (PRC) state-sponsored cyber group, highlighting the threat it poses to networks in the US, Australia, the UK, Canada and Europe.[1]
APT40 demonstrates an impressive ability to convert proof-of-concept (POC) exploits of new vulnerabilities into operational tools, deploying them almost immediately against vulnerable networks. This group consistently conducts thorough reconnaissance on targeted networks, including those in the authoring agencies’ countries, to identify and exploit vulnerable systems. By focusing on outdated or unmaintained devices, APT40 efficiently deploys its exploits, often leveraging vulnerabilities dating back to 2017. The authoring agencies predict that APT40 will continue using POCs for new, high-profile vulnerabilities within hours or days of their public disclosure.