From Wikipedia, the free encyclopedia
 


APT40

Formation: c. 2009[1]
Type: Advanced persistent threat
Purpose: Cyberespionage
Headquarters: Hainan Province
Region: China
Methods: Malware, zero-days, phishing, backdoors, RATs, keylogging
Official language: Chinese
Parent organization: Hainan State Security Department of the Ministry of State Security
Also known as: APT40, Kryptonite Panda, Hellsing, Leviathan, TEMP.Periscope, Temp.Jumper, Gadolinium, GreenCrash, Bronze Mohawk

APT40, also known as BRONZE MOHAWK (by Secureworks),[1] FEVERDREAM, G0065, GADOLINIUM (formerly used by Microsoft),[2] Gingham Typhoon (by Microsoft),[3] GreenCrash, Hellsing (by Kaspersky),[4] Kryptonite Panda (by CrowdStrike), Leviathan (by Proofpoint),[5] MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat operated by the Hainan State Security Department, a branch of the Chinese Ministry of State Security located in Haikou, Hainan, China. It has been active since at least 2009.

APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative.[6] APT40 is closely connected to Hafnium.[7]

History

On July 19, 2021, the U.S. Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation activities via front company Hainan Xiandun Technology Development Company.[6]

In March 2024, the New Zealand Government and its signals intelligence agency Government Communications Security Bureau accused the Chinese government via APT40 of breaching its parliamentary network in 2021.[8] In July 2024, eight nations released a joint advisory on APT40.[9]

References

  1. "BRONZE MOHAWK | Secureworks". Secureworks. Archived from the original on 2 July 2022. Retrieved 27 July 2022.
  2. "Microsoft Security—detecting empires in the cloud". Microsoft. 24 September 2020. Archived from the original on 27 July 2022. Retrieved 27 July 2022.
  3. "How Microsoft names threat actors". Microsoft. Archived from the original on 10 July 2024. Retrieved 21 January 2024.
  4. "Hellsing Targeted Attacks". Kaspersky. 13 January 2021. Archived from the original on 27 July 2022. Retrieved 27 July 2022.
  5. "Leviathan: Espionage actor spearphishes maritime and defense targets | Proofpoint US". Proofpoint. 16 October 2017. Archived from the original on 28 May 2022. Retrieved 27 July 2022.
  6. National Cyber Awareness System (19 July 2021). "Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China's MSS Hainan State Security Department". Cybersecurity and Infrastructure Security Agency. Archived from the original on 19 July 2021. Retrieved 19 July 2021.
  7. Mackie, Kurt (19 July 2021). "White House Says China's APT40 Responsible for Exchange Hacks, Ransomware Attacks". Redmondmag. Archived from the original on 17 May 2022. Retrieved 24 April 2022.
  8. Pearse, Adam (26 March 2024). "Parliament systems targeted by China-based hackers". The New Zealand Herald. Archived from the original on 26 March 2024. Retrieved 28 March 2024.
  9. Cherney, Mike (9 July 2024). "U.S., Allies Issue Rare Warning on Chinese Hacking Group". The Wall Street Journal. Archived from the original on 9 July 2024. Retrieved 9 July 2024.
Retrieved from "https://en.wikipedia.org/w/index.php?title=APT40&oldid=1233806256"
This page was last edited on 11 July 2024, at 00:13 (UTC).