People's Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Published 09/07/2024 12:03 · Modified 09/07/2024 12:26

Essential information

Tags
2024-07-09, apt40, bronze mohawk, china, cyber espionage, gingham typhoon, kryptonite panda, leviathan
Related entities
5 vulnerabilities (cve), 1 intrusion sets (apt)

Description

This advisory outlines the tactics, techniques, and procedures employed by the state-sponsored cyber group APT40, also known as Bronze Mohawk, Gingham Typhoon, Kryptonite Panda, and Leviathan. The group, believed to be associated with the People's Republic of China's Ministry of State Security, has repeatedly targeted networks in various countries, including Australia and the United States. The report provides details on the group's methods for initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control. It highlights the group's ability to rapidly exploit new vulnerabilities and to use compromised devices as operational infrastructure.

External references