Chinese spies target vulnerable home office kit to run cyber attacks
The China-backed APT40 group has been compromising vulnerable small office and home office (SoHo) networking devices and using them as command-and-control (C2) infrastructure in attacks on its real targets, according to an international alert issued by the Five Eyes cyber agencies of Australia, Canada, New Zealand, the UK and the US together with partner bodies from Germany, Japan and South Korea.
The Australian Cyber Security Centre (ACSC) said APT40 has targeted networks in Australia and elsewhere from compromised SoHo devices. In two case studies published by the Australian authorities, the group used such devices as operational infrastructure and as last-hop redirectors between itself and the victim; the ACSC notes that this pattern has in fact made the group's movements somewhat easier to characterise and track.
SoHo networking devices are softer targets than their enterprise equivalents: many are end-of-life or unpatched, so known vulnerabilities can be exploited long after fixes are available. Once compromised, a device becomes a launching point whose traffic blends in with legitimate residential and small-business traffic, which makes it harder for network defenders to separate the intrusion from normal activity.
APT40 still occasionally uses procured or leased infrastructure as victim-facing C2, but that tradecraft appears to be in relative decline. In one case study, the ACSC described an APT40 attack from August 2022 in which the malicious IP address that interacted with the target network belonged to a device most likely owned by a small business or home user.
Mohammed Kazem, senior threat intelligence researcher at WithSecure, highlighted the continuous evolution of Chinese government/state-sponsored cyber operations. He noted the trend among PRC actors to target edge devices via exploitation and leverage compromised devices for stealthier operations.
Noteworthy threat
APT40, also tracked as Kryptonite Panda, Gingham Typhoon, Leviathan and Bronze Mohawk, is a highly active group assessed to be based in Haikou, Hainan Province, China. It is tasked by the Hainan State Security Department of China's Ministry of State Security (MSS), and in 2021 Western governments publicly linked it to a series of cyber attacks across many sectors.
The group has stolen intellectual property and other information for the benefit of China's state-owned enterprises. Its advanced capabilities, and the speed with which it turns newly disclosed vulnerabilities into working exploits, make it a significant threat.
APT40 favours public-facing infrastructure over user-interaction techniques such as phishing, exploiting widely deployed vulnerable software such as Log4j (the Log4Shell flaw, CVE-2021-44228), and it prioritises obtaining valid credentials to support follow-on activity inside a network.
Mitigating an APT40 intrusion
To blunt an APT40 intrusion, defenders should prioritise comprehensive and current logging, prompt patch management and network segmentation. Further recommended steps include disabling unused network services, deploying web application firewalls, enforcing least-privilege policies, requiring multifactor authentication, replacing end-of-life equipment and reviewing custom web applications for exploitable functionality.