China's APT40 targets new vulnerabilities and can abuse them within hours

Shadowed hands on a digital background reaching for a login prompt.
Image Credit: Shutterstock (Image credit: Shutterstock)

Chinese state-sponsored threat actors, tracked by Western cybersecurity agencies as APT40, work fast. They hunt for previously undisclosed vulnerabilities, quickly build exploits, and rush to deploy them as soon as possible.

In some instances, the entire process, from vulnerability discovery to exploitation, only lasted a couple of hours.

This is according to a new security advisory, jointly published by national security agencies from Australia, the US, Canada, New Zealand, Japan, South Korea, the UK, and Germany.

Targeting SOHO gear

Two years ago, Australia’s Cyber Security Centre (ASCS) was called by a local business to assist with a cyberattack. With the victim’s permission, the agency "deployed host-based sensors to likely affected hosts on the organization's network,” in order to track the attacker’s operations and map out its activities.

The advisory came as the result of that analysis, and states that APT40 "possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilize them against target networks possessing the infrastructure of the associated vulnerability." 

Besides hunting for new flaws, the group also scans the internet for known vulnerabilities which haven’t been patched and as such present an easy gateway into the target infrastructure.

"This regular reconnaissance postures the group to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits," the agencies said. They are scanning for devices still vulnerable to Log4shell, Atlassian Confluence flaws, as well as known Microsoft Exchange vulnerabilities. 

"APT40 has embraced the global trend of using compromised devices, including small-office/home-office (SOHO) devices, as operational infrastructure and last-hop redirectors for its operations in Australia," the researchers added. "Many of these SOHO devices are end-of-life or unpatched and offer a soft target for N-day exploitation."

Targeting SOHO devices is a double-edged sword, though, as it also allows security agencies to track and analyze the attackers, and thus assist in setting up defenses.

Via TheRegister

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
China
Chinese hackers develop effective new hacking technique to go after business networks
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
vpn
Ivanti warns another critical security flaw is being attacked
China
Chinese hackers targeting Juniper Networks routers, so patch now
China
Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers
China
Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does