APT 40 is believed to be a state-sponsored actor that operates in support of China’s naval modernization effort and its Belt and Road Initiative.
The group has targeted governmental organizations, companies, and universities in various industries, especially those related to maritime technologies, engineering, transportation, and defense.
History
APT 40 is closely connected to Hafnium, another China-nexus cyber espionage group that was responsible for the Microsoft Exchange hacks and ransomware attacks in 2021.
APT 40 was indicted by the U.S. Department of Justice in July 2021 for its illicit computer network exploitation activities, and it has been condemned by several countries, including Canada, for its malicious cyber campaigns.
Attack methods
APT 40 uses a variety of methods and tools to conduct its cyber operations, such as malware, zero-days, phishing, backdoors, RATs, and keylogging.
The group has also used front companies, such as Hainan Xiandun Technology Development Company, to hide its activities.
Aliases
APT 40 is also known by other names, such as BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumpe