People's Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Tags

External References

• https://www.cyber.gov.au/
• https://www.cisa.gov/
• https://otx.alienvault.com/

Description

This advisory outlines the tactics, techniques, and procedures employed by the state-sponsored cyber group APT40, also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan, and Bronze Mohawk. The group, believed to be associated with the People's Republic of China's Ministry of State Security, has repeatedly targeted networks in various countries, including Australia and the United States. The report provides details on the group's methods for initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control. It highlights the group's ability to rapidly exploit new vulnerabilities and compromised devices as operational infrastructure.

Date