APT40

Actor Type: Nation State
Attributed to Nation: China
Directly Linked Intrusion Sets: Leviathan
Associated Threat Actor: Hainan Xiandun Technology Development Company, Hainan State Security Department, Chinese Ministry of State Security

APT40 is a threat actor originally identified by researchers at Mandiant and attributed to the Chinese government. A 2021 US Department of Justice indictment linked the group to the Hainan State Security Department (HSSD), a provincial arm of China’s Ministry of State Security (MSS).

According to researchers at Mandiant, the group has been observed targeting organizations globally, with a focus on countries that are strategically important to the Belt and Road Initiative.

APT40 has a complex arsenal of public and private tools, some of which are shared with other China-attributed threat actors. APT40 typically gains access via spear-phishing, including masquerading as prominent individuals and leveraging previously compromised accounts for this purpose.

APT40 Threat Reports

Report

APT40 Advisory - PRC MSS tradecraft in action

This advisory, authored by the Australian Cyber Security Centre and multiple other international cybersecurity agencies, outlines the threat posed ...

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.