The PRC state-sponsored cyber group has previously targeted organisationsin various countries, including Australia and the United States, and the techniques highlighted below are regularly used by other PRC state-sponsored actors globally.
Therefore, the authoring agencies believe the group, and similar techniquesremain a threat to their countries’ networks as well. The authoring agencies assess that this group conduct malicious cyber operations for the PRC Ministry of State Security (MSS). The activity and techniques overlap with the groups tracked as Advanced Persistent Threat (APT) 40 (also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk in industry reporting). T
Read more… [PDF]
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Sleep with one eye open: how Librarian Ghouls steal data by night
June 9, 2025
Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS. The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious ...
- GoldenEye Dog(APT-Q-27) gang’s recent use of “Silver Fox” Trojan stealing activities
June 6, 2025
GoldenEyeDog (tracked internally as APT-Q-27 by Qi’anxin) is a hacking group targeting people involved in gaming and dog-pushing in Southeast Asia, as well as the overseas Chinese community, with a range of business activities including remote control, mining, DDoS attacks, etc. It is related to a larger attack group tracked by Qi’anxin, the Miuuti Group. The ...
- Statement of solidarity by the North Atlantic Council concerning the malicious cyber activities against the Czech Republic
May 27, 2025
“We stand in solidarity with the Czech Republic following the malicious cyber campaign against its Ministry of Foreign Affairs. We recognise that the Government of the Czech Republic has attributed the responsibility to the People’s Republic of China, specifically APT31, which is associated with the Ministry of State Security. This campaign targeted a Czech MFA unclassified ...
- Pakistan among least affected by web threats
May 25, 2025
At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, the Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, artificial intelligence and IoT developments. The first quarter of 2025 showed that Turkiye and Kenya had the highest number of ...
- Mysterious hacking group Careto was run by the Spanish government
May 23, 2025
More than a decade ago, researchers at antivirus company Kaspersky identified suspicious internet traffic of what they thought was a known government-backed group, based on similar targeting and its phishing techniques. Soon, the researchers realized they had found a much more advanced hacking operation that was targeting the Cuban government, among others. Eventually the researchers were ...
- Global Russian hacking campaign steals data from government agencies
May 16, 2025
For years now, Russian state-sponsored threat actors have been eavesdropping on email communications from governments across Eastern Europe, Africa, and Latin America. A new report from cybersecurity researchers ESET has found that the crooks were abusing multiple zero-day and n-day vulnerabilities in webmail servers to steal the emails. ESET named the campaign “RoundPress”, and says that ...