China’s APT40 Group Stole Navy Secrets

Security researchers have detailed the work of yet another Chinese state-sponsored attack group, this time supporting the country’s efforts to improve its navy and its Belt and Road initiative.

APT40 has been around since 2013, with some previous activity ascribed to the TEMP.Periscope and TEMP.Jumper groups, according to FireEye.

“In December 2016, China’s People’s Liberation Army Navy (PLAN) seized a US Navy unmanned underwater vehicle (UUV) operating in the South China Sea,” the security experts revealed in a blog post.

“The incident paralleled China’s actions in cyberspace; within a year APT40 was observed masquerading as a UUV manufacturer, and targeting universities engaged in naval research. That incident was one of many carried out to acquire advanced technology to support the development of Chinese naval capabilities.”

The group has also targeted countries involved in South China Sea disputes with the Middle Kingdom, and nations China is trying to influence with its $1tr ‘trade network’ initiative known as Belt and Road, across Asia, Europe and the Middle East.

This includes attacks compromising government entities in Cambodia in charge of overseeing elections there.

FireEye claimed with “moderate confidence” that the group is state-sponsored, saying the targets are consistent with China’s interests, attacks center around China Standard Time, and C&C domains were registered in China with logins configured in Mandarin.

It uses classic spear-phishing techniques with malicious attachments.

“APT40 is a moderately sophisticated cyber espionage group that demonstrates access to significant development resources, as well as the ability to leverage shared and publicly available tools,” the newly released M-Trends 2019 report stated. “Although the group has not been observed exploiting zero-day vulnerabilities, it often weaponizes vulnerabilities within days of public disclosure.”

The revelations come as China sent a message to the international community on Monday that any attempt to thwart the ambitions of its biggest multi-nationals will be met with a stern government response.

It accused two detained Canadians, former diplomat Michael Kovrig, and businessman Michael Spavor, of spying in what is widely seen as a deliberate response to Canada’s decision to begin extradition proceedings of Huawei’s CFO to the US.

“We are obviously very concerned by this position that China has taken. It is unfortunate that China continues to move forward on these arbitrary detentions,” said Prime Minister, Justin Trudeau.

What’s Hot on Infosecurity Magazine?