APT40

GPTKB entity

Statements (54)
Predicate | Object
gptkbp:instanceOf | cybercrime
gptkbp:activeYearsStart | at least 2013
gptkbp:alsoKnownAs | gptkb:Gadolinium
    cathedral
    TEMP.Periscope
gptkbp:area | gptkb:Australia
    gptkb:Europe
    gptkb:Southeast_Asia
    gptkb:United_States
    gptkb:Asia-Pacific
gptkbp:attributedTo | gptkb:US_Department_of_Justice
    gptkb:FireEye
    gptkb:Mandiant
    gptkb:Australian_Cyber_Security_Centre
gptkbp:baseOfOperations | gptkb:Hainan,_China
gptkbp:category | cybercrime
    Advanced Persistent Threat
    state-sponsored group
gptkbp:connectsTo | Hainan Xiandun Technology Development Co., Ltd.
gptkbp:countryOfOrigin | gptkb:China
https://www.w3.org/2000/01/rdf-schema#label | APT40
gptkbp:indictedMembers | Cheng Qingmin
    Ding Xiaoyang
    Wu Shurong
    Zhu Yunmin
gptkbp:notableFor | 2018
    2021
gptkbp:notableOperation | attacks on Southeast Asian governments
    attacks on Australian organizations
    targeting of US Navy contractors
gptkbp:primaryMotivation | espionage
gptkbp:suspect | gptkb:Ministry_of_State_Security_(China)
    gptkb:Chinese_government
gptkbp:tactics | spear phishing
    watering hole attacks
    custom malware deployment
    supply chain compromise
gptkbp:target | universities
    maritime industries
    healthcare sector
    government organizations
    defense sector
    engineering firms
    aviation sector
gptkbp:usesMalware | gptkb:China_Chopper
    gptkb:PhotoMiner
    gptkb:PlugX
    gptkb:QuasarRAT
    gptkb:SeaDuke
    gptkb:Cobalt_Strike
    gptkb:Derusbi
    RATs (Remote Access Trojans)
gptkbp:bfsParent | gptkb:Operation_Winnti
gptkbp:bfsLayer | 7