APT40

Leviathan
Formation	c. 2009
Type	Advanced persistent threat
Purpose	Cyberespionage,
Headquarters	Hainan Province
Region	China
Methods	Malware, Zero-days, Phishing, backdoor (computing), RAT, Keylogging
Official language	Chinese
Parent organization	Ministry of State Security
Formerly called	APT40; Kryptonite Panda; Hellsing; Leviathan; TEMP.Periscope; Temp.Jumper; Gadolinium; GreenCrash; Bronze Mohawk;

APT40, also known as BRONZE MOHAWK (by Secureworks),^[1] FEVERDREAM, G0065, GADOLINIUM (formerly by Microsoft),^[2] Gingham Typhoon^[3] (by Microsoft), GreenCrash, Hellsing (by Kaspersky),^[4] Kryptonite Panda (by Crowdstrike), Leviathan (by Proofpoint),^[5] MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat located in Haikou, Hainan Province, People's Republic of China (PRC), and has been active since at least 2009.

APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative.^[6] APT40 is closely connected to Hafnium.^[7]

History[edit]

On July 19, 2021, the U.S. Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation activities via front company Hainan Xiandun Technology Development Company.^[6]

In March 2024, the New Zealand Government and its signals intelligence agency Government Communications Security Bureau accused the Chinese government via APT40 of breaching its parliamentary network in 2021.^[8]

References[edit]

^ "BRONZE MOHAWK | Secureworks".
^ "Microsoft Security—detecting empires in the cloud". Microsoft. 24 September 2020.
^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
^ "Hellsing Targeted Attacks". 13 January 2021.
^ "Leviathan: Espionage actor spearphishes maritime and defense targets | Proofpoint US". 16 October 2017.
^ ^a ^b National Cyber Awareness System (19 July 2021). "Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China's MSS Hainan State Security Department". Cybersecurity and Infrastructure Security Agency. Retrieved 19 July 2021.
^ Mackie, Kurt (July 19, 2021). "White House Says China's APT40 Responsible for Exchange Hacks, Ransomware Attacks -- Redmondmag.com". Redmondmag. Retrieved April 24, 2022.
^ Pearse, Adam (26 March 2024). "Parliament systems targeted by China-based hackers". The New Zealand Herald. Archived from the original on 26 March 2024. Retrieved 28 March 2024.

This computer security article is a stub. You can help Wikipedia by expanding it.

[1] "BRONZE MOHAWK | Secureworks".

[2] "Microsoft Security—detecting empires in the cloud". Microsoft. 24 September 2020.

[ms-threat-actors-24-3] "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.

[4] "Hellsing Targeted Attacks". 13 January 2021.

[5] "Leviathan: Espionage actor spearphishes maritime and defense targets | Proofpoint US". 16 October 2017.

[us-c_Tact-6] National Cyber Awareness System (19 July 2021). "Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China's MSS Hainan State Security Department". Cybersecurity and Infrastructure Security Agency. Retrieved 19 July 2021.

[:0-7] Mackie, Kurt (July 19, 2021). "White House Says China's APT40 Responsible for Exchange Hacks, Ransomware Attacks -- Redmondmag.com". Redmondmag. Retrieved April 24, 2022.

[8] Pearse, Adam (26 March 2024). "Parliament systems targeted by China-based hackers". The New Zealand Herald. Archived from the original on 26 March 2024. Retrieved 28 March 2024.

[1]

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

History[edit]

See also[edit]

References[edit]