Methods: Malware, zero-days, phishing, backdoors, RAT, keylogging
Parent organization: Hainan State Security Department of the Ministry of State Security
Formerly called: APT40, Kryptonite Panda, Hellsing, Leviathan, TEMP.Periscope, Temp.Jumper, Gadolinium, GreenCrash, Bronze Mohawk
APT40, also known as BRONZE MOHAWK (by Secureworks),[1] FEVERDREAM, G0065, GADOLINIUM (formerly by Microsoft),[2] Gingham Typhoon[3] (by Microsoft), GreenCrash, Hellsing (by Kaspersky),[4] Kryptonite Panda (by CrowdStrike), Leviathan (by Proofpoint),[5] MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat operated by the Hainan State Security Department, a branch of the Chinese Ministry of State Security located in Haikou, Hainan, China. It has been active since at least 2009.
APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative.[6] APT40 is closely connected to Hafnium.[7]
On July 19, 2021, the U.S. Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation activities via front company Hainan Xiandun Technology Development Company.[6]
In March 2024, the New Zealand Government and its signals intelligence agency, the Government Communications Security Bureau, accused the Chinese government of breaching New Zealand's parliamentary network in 2021 via APT40.[8] In July 2024, eight nations released a joint advisory on APT40.[9]