Organisations with critical data or operations should take government warnings seriously and strengthen their defences accordingly, a cybersecurity expert has warned.
According to Chris Grove, Cybersecurity Strategy Director, Nozomi Networks, the recent joint cybersecurity advisory on APT40 is similar to the one issued in February 2024 concerning another CCP-affiliated hacking group, Volt Typhoon.
Grove says that APT40 employs ‘living off the land’ techniques, which use legitimate system tools to blend in and evade detection, complicating defence and making detection more challenging.
“Both groups exhibit highly sophisticated attack methods, yet their objectives differ. APT40 primarily engages in espionage, whereas Volt Typhoon focuses on potential sabotage of critical infrastructure.
“The data stolen by APT40 serves dual purposes: it is used for state espionage and subsequently transferred to Chinese companies.
“These companies utilise the purloined trade secrets to develop products that are then sold in the global market, thereby leveraging intellectual property stolen from other nations.
“One capability that assists defenders in hunting down these types of threats is advanced anomaly detection systems, acting as intrusion detection for attackers able to ‘live off the land’ and avoid deploying malware that would reveal their presence,” concludes Grove.