APT40
Country: People's Republic of China (PRC)
Organization: Hainan State Security Department (HSSD), of the Ministry of State Security (MSS)
Objective: Espionage
Aliases:
- Bronze Mohawk (Secureworks)
- Leviathan/Kryptonite Panda (CrowdStrike)
- Gadolinium (formerly used by Microsoft)
- Gingham Typhoon (Microsoft)
- FEVERDREAM, G0065, GreenCrash, Hellsing, Mudcarp, Periscope
- Temp.Periscope/Temp.Jumper (FireEye)
Front Company
- Hainan Xiandun Technology Development Co., Ltd. (海南仙盾) (Hainan Xiandun) (Note: disbanded)
Identified Members
- Ding Xiaoyang (丁晓阳)
- Cheng Qingmin (程庆民)
- Zhu Yunmin (朱允敏)
- Wu Shurong (吴淑荣)
References:
Links (Sorted in Chronological Order)
2021
- July 20, 2021 – CISA: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
- July 19, 2021 – U.S. Department of Justice: Four Chinese Nationals Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including Infectious Disease Research
2020
- September 24, 2020 – Microsoft: Microsoft Security—detecting empires in the cloud
2019
- March 04, 2019 – Mandiant: APT40: Examining a China-Nexus Espionage Actor