What is the issue - The APT40 threat group's cyber espionage campaign targets engineering, transport, and defense companies, as well as companies related to the maritime sector.
Who are the targets? Engineering, transport, and defense companies, and organizations connected to the maritime sector.
The big picture
Researchers from FireEye analyzed the APT40 threat group's activities and confirmed that its cyber espionage campaign targeting engineering, transport, and defense companies is a state-sponsored operation.
Analysis of the threat group's operational times indicated that its activity is centered on China Standard Time (UTC+8). Additionally, APT40's C&C domains were initially registered through China-based domain resellers, and multiple IP addresses the group used in its operations were located in China.
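The operational-timing inference above is a standard analytic step: take the timestamps of observed attacker actions, shift them into each candidate time zone, and see which offset makes the activity line up with a local Monday-to-Friday working day. The following is an added example (not FireEye's code or anything from the report) that performs this scoring over a constructed set of UTC timestamps; the business-hours window (09:00-18:00), the integer offset candidates, and the sample events are all assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of attacker-controlled actions pulled
# from logs (e.g. C&C check-ins, web shell requests). Illustrative values only,
# not real APT40 data. 2019-02-04 is a Monday; 2019-02-09 is a Saturday.
SAMPLE_EVENTS_UTC = [
    "2019-02-04T01:15:00Z", "2019-02-04T02:40:00Z", "2019-02-04T05:05:00Z",
    "2019-02-04T07:50:00Z", "2019-02-05T01:05:00Z", "2019-02-05T03:10:00Z",
    "2019-02-05T06:45:00Z", "2019-02-05T09:20:00Z", "2019-02-06T01:00:00Z",
    "2019-02-06T04:25:00Z", "2019-02-06T08:05:00Z", "2019-02-07T02:30:00Z",
    "2019-02-07T07:15:00Z", "2019-02-07T09:40:00Z", "2019-02-08T01:45:00Z",
    "2019-02-08T05:55:00Z", "2019-02-09T03:00:00Z",
]

# Assumed local working day: 09:00 <= hour < 18:00, Monday to Friday.
WORK_START_HOUR = 9
WORK_END_HOUR = 18


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def business_hours_score(events_utc, offset_hours: int) -> float:
    """Fraction of events that land inside the assumed working day when the
    clock is shifted to UTC+offset_hours. Higher means a better fit."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in events_utc:
        local = parse_utc(ts).astimezone(tz)
        if local.weekday() < 5 and WORK_START_HOUR <= local.hour < WORK_END_HOUR:
            hits += 1
    return hits / len(events_utc)


def best_fit_offsets(events_utc, candidates=range(-12, 15)):
    """Score every candidate offset and return (list of best offsets, all scores).
    A list is returned because sparse data often produces ties, which is itself
    a useful signal that the evidence is weak."""
    scores = {off: business_hours_score(events_utc, off) for off in candidates}
    best = max(scores.values())
    return sorted(off for off, s in scores.items() if s == best), scores


def local_hour_histogram(events_utc, offset_hours: int) -> Counter:
    """Count events per local hour for a given offset; useful for eyeballing
    the shape of the working day (start, lunch dip, end)."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(parse_utc(ts).astimezone(tz).hour for ts in events_utc)


if __name__ == "__main__":
    best, scores = best_fit_offsets(SAMPLE_EVENTS_UTC)
    print("best-fit UTC offset(s):", best)
    for off in sorted(scores, key=scores.get, reverse=True)[:5]:
        print(f"  UTC{off:+d}: {scores[off]:.2f} of events in working hours")
    print("local hour histogram at best fit:",
          sorted(local_hour_histogram(SAMPLE_EVENTS_UTC, best[0]).items()))
```

On this constructed data the scoring singles out UTC+8, with 16 of 17 events inside a local working day and only the Saturday event falling outside. In practice the result is circumstantial: a disciplined operator can shift its schedule, and automated tooling blurs the pattern, which is why the report pairs the timing evidence with independent indicators such as the registrar used for the C&C domains and the geolocation of the operating IP addresses.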
The APT40 threat group has been observed using a variety of initial-compromise techniques, including phishing emails and web server compromise, among others.
The group also uses a variety of malware and tools such as AIRBREAK, FRESHAIR, BEACON, HOMEFRY, PHOTO, BADFLICK, MURKYTOP, DISHCLOTH, CHINA CHOPPER, Gh0stRAT, BLACKCOFFEE, Mimikatz, XTHIEF, COOKIEFISH, GREENPIG, MOVIETIME, LUNCHMONEY, PAPERPUSH, and TRAFFIX.
“Based on APT40’s broadening into election-related targets in 2017, we assess with moderate confidence that the group’s future targeting will affect additional sectors beyond maritime, driven by events such as China’s Belt and Road Initiative,” the researchers noted.