CISA Issues Joint Advisory on China-Backed Cyber Group’s Activities

The Cybersecurity and Infrastructure Security Agency, along with the Australian Signals Directorate’s Australian Cyber Security Centre and several international organizations, have issued a joint advisory to raise awareness of the tactics used by APT40, a cyber group sponsored by China.

The advisory, titled “People’s Republic of China Ministry of State Security APT40 Tradecraft in Action,” details APT40’s methods for targeting, reconnaissance and exploitation, CISA said.

The group, which also goes by Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk, is known for its ability to quickly adapt and exploit vulnerabilities in popular software programs, including Microsoft Exchange.

CISA encourages organizations and software developers to review the guidance and implement the recommended mitigation strategies to strengthen their cyber defense posture. The agency also urges the adoption of Secure by Design principles to ensure software security.

Among the other institutions that contributed to the advisory are the National Security Agency, the FBI, the United Kingdom’s National Cyber Security Centre, the Canadian Centre for Cyber Security and the New Zealand National Cyber Security Centre.