Malaysia’s Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials.
The attackers aimed at stealing confidential documents from government systems after having infected them with malware.
The attackers used spear-phishing messages sent to government officials, they posed as a journalist, an individual from a trade publication, or individuals from a relevant military organization or non-governmental organization (NGO).
The messages contained links to
“The group’s operations tend to target government-sponsored projects and take large amounts of information specific to such projects, including proposals, meetings, financial data, shipping information, plans and drawings, and raw data,” continues MyCERT.
It is not clear if the attackers have
The advisory doesn’t explicitly attribute the campaign to the Chinese APT, but references included in the alert p
Experts believe that APT40 is a state-sponsored Chinese APT group due to its alignment with Chinese state interests and technical artifacts suggesting the actor is based in China.
The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Threat actors target engineering, transportation, and defense sectors, experts observed a specific interest in maritime technologies.
The cyberspies also targeted research centres and universities involved in naval research with the intent to access advanced technology to push the growth of the Chinese naval industry.
The list of victims of the APT40 group also includes organizations with operations in Southeast Asia or involved in South China Sea disputes.
In January, a group of anonymous security researchers that calls itself Intrusion Truth has discovered that the APT40 uses 1
(SecurityAffairs – APT40, China)