People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

    Date: 07/09/2024

    Severity: High

    Summary

    The "People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action" report details cyber espionage activities of APT40, a group linked to China's Ministry of State Security. It highlights their tactics like spear phishing and custom malware to target diverse sectors globally, emphasizing the need for robust cybersecurity defenses.

    Indicators of Compromise (IOC) List


    Gurucul TDIR queries for detection:

    Hash

    sha256hash IN ("44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86","7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f","b271e74ed44c3c405da858f29b6dfd4a99658dcac7bc83938079ad0dbbdf1b66","97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992")
    
    md5hash IN ("187d6f2ed2c80f805461d9119a5878ac","26a5a7e71a601be991073c78d513dee3","5bf7560d0a638e34035f85cd3788e258","64454645a9a21510226ab29e01e76d39","6a9bc68c9bc5cefaf1880ae6ffb1d0ca","87c88f06a7464db2534bc78ec2b915de","9f89f069466b8b5c9bf25c9374a4daf8","e02be0dc614523ddd7a28c9e9d500cff","e2175f91ce3da2e8d46b0639e941e13f","ed7178cec90ed21644e669378b3a97ec")
    

     

    Category: Cybersecurity and Infrastructure Security Agency (CISA)

    Reference:

    https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

    https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action

    https://www.theregister.com/2024/07/09/apt_40_tradecraft_advisory
