Cloud Threat Landscape

Made with 💙 by Wiz

Last Updated: April 3, 2025

APT40

Aliases

BRONZE MOHAWK, FEVERDREAM, Leviathan, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, MUDCARP, Periscope, Temp.Periscope, Temp.Jumper

Tags
State-Sponsored, Data Exfil.
Attribution
🇨🇳
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-200a
Last edited
Oct 14, 2024 1:49 PM
Status
Finalized
Cloud-fluent
Targeted industries
Education, Government, Maritime, Aerospace, Healthcare/Medical

APT40, also known by various aliases such as BRONZE MOHAWK and Leviathan, is a Chinese cyber espionage group based in Hainan Province. Active since at least 2009, APT40 has targeted a broad spectrum of organizations, including governmental bodies, companies, and academic institutions across the globe. Their targets often align with China's strategic interests, particularly industries related to the Belt and Road Initiative, such as biomedical, aerospace, and maritime research. The group's tactics include spearphishing, exploitation of public-facing applications, and the use of custom malware. They have been involved in significant data theft, including trade secrets and intellectual property, using tools like the Derusbi malware and the China Chopper web shell. APT40's activities are closely linked to the Chinese Ministry of State Security (MSS), highlighting their role in state-sponsored espionage. In 2021, the U.S. Department of Justice indicted four members of APT40 for their involvement in cyber espionage, revealing the group's sophisticated and coordinated operations.