Malaysia’s Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials.
The attackers aimed at stealing confidential documents from government systems after having infected them with malware.
The attackers used spear-phishing messages sent to government officials, they posed as a journalist, an individual from a trade publication, or individuals from a relevant military organization or non-governmental organization (NGO).
The messages contained links to
“The group’s operations tend to target government-sponsored projects and take large amounts of information specific to such projects, including proposals, meetings, financial data, shipping information, plans and drawings, and raw data,” continues MyCERT.
It is not clear if the attackers have
The advisory doesn’t explicitly attribute the campaign to the Chinese APT, but references included in the alert p
Experts believe that APT40 is a state-sponsored Chinese APT group due to its alignment with Chinese state interests and technical artifacts suggesting the actor is based in China.
The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Threat actors target engineering, transportation, and defense sectors, experts observed a specific interest in maritime technologies.
The cyberspies also targeted research centres and universities involved in naval research with the intent to access advanced technology to push the growth of the Chinese naval industry.
The list of victims of the APT40 group also includes organizations with operations in Southeast Asia or involved in South China Sea disputes.
In January, a group of anonymous security researchers that calls itself Intrusion Truth has discovered that the APT40 uses 1
(SecurityAffairs – APT40, China)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.