Government agencies, including the US National Security Agency (NSA), have issued a joint advisory warning about the Chinese state-sponsored hacking group APT 40, also known as Leviathan.
This group is rapidly exploiting known software vulnerabilities. Active since at least 2013, APT 40 was recently detected infiltrating Australian networks using newly disclosed software vulnerabilities and proof-of-concept (POC) techniques.
POCs, intended to help researchers and companies understand threats, are quickly weaponized by APT 40 to attack vulnerable software. The time lag in patching these vulnerabilities, which can span days to months, provides a window for the group to exploit these flaws.
The advisory, co-authored by agencies in Europe, Australia, and South Korea, warns that APT 40 will continue to leverage new POCs shortly after their release. Additionally, APT 40 is known to hijack small-office and home-office (SOHO) devices, which are often unpatched or end-of-life, to facilitate their hacking activities. These compromised devices can launch attacks that mimic legitimate traffic, complicating detection efforts.
The NSA highlights that APT 40's objectives include cyber espionage, particularly against naval defense research. To defend against these threats, the advisory recommends prompt software patching, maintaining detailed logs of software and network activity, and implementing network segmentation.