People's Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
July 9, 2024, 12:26 p.m.
Description
This advisory outlines the tactics, techniques, and procedures employed by the state-sponsored cyber group APT40, also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan, and Bronze Mohawk. The group, believed to be associated with the People's Republic of China's Ministry of State Security, has repeatedly targeted networks in various countries, including Australia and the United States. The report provides details on the group's methods for initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control. It highlights the group's ability to rapidly exploit newly disclosed vulnerabilities and its use of compromised devices as operational infrastructure.
Date
Published: July 9, 2024, 12:03 p.m.
Created: July 9, 2024, 12:03 p.m.
Modified: July 9, 2024, 12:26 p.m.
Attack Patterns
APT40
CVE-2021-31207
CVE-2021-26084
CVE-2021-34473
CVE-2021-34523
CVE-2021-44228