APT40

APT40, also known as BRONZE MOHAWK (by Secureworks), FEVERDREAM, G0065, GADOLINIUM (formerly by Microsoft), Gingham Typhoon (by Microsoft), GreenCrash, Hellsing (by Kaspersky), Kryptonite Panda (by CrowdStrike), Leviathan (by Proofpoint), MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat operated by the Hainan State Security Department, a branch of the Chinese Ministry of State Security located in Haikou, Hainan, China, and has been active since at least 2009. APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative. APT40 is closely connected to Hafnium.


History

On July 19, 2021, the U.S. Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation activities via front company Hainan Xiandun Technology Development Company. In March 2024, the New Zealand Government and its signals intelligence agency Government Communications Security Bureau accused the Chinese government via APT40 of breaching its parliamentary network in 2021. In July 2024, eight nations released a joint advisory on APT40.


See also

* Cyberwarfare and China
* Red Apollo

