Nation-State Actor
APT40 (Leviathan)
China • Active since 2013
APT40 is a Chinese state-sponsored group that steals secrets about ships, naval technology, and defense systems. It operates on behalf of Chinese intelligence and targets organizations building ships or working on underwater technology.
Overview
APT40 is a Chinese state-sponsored cyber espionage group linked to the Ministry of State Security (MSS) Hainan State Security Department. They target maritime industries, defense contractors, and organizations in countries involved in the Belt and Road Initiative.
Also Known As
Leviathan, TEMP.Periscope, TEMP.Jumper, Bronze Mohawk, Kryptonite Panda
Target Industries
Maritime, Defense, Aviation, Chemicals, Research, Government
Target Regions
United States, Europe, Southeast Asia, Australia
Tactics, Techniques & Procedures
- Spear-phishing
- Web server exploitation
- Watering hole attacks
- Strategic web compromise
- Living off the land
Known Tools & Malware
BADFLICK, PHOTO, HOMEFRY, China Chopper, Cobalt Strike
Notable Campaigns
Maritime Industry Targeting (2017-2020)
Systematic targeting of naval and maritime organizations for technology theft.
Research Institution Intrusions (2021)
Targeted universities and research institutions for COVID-19 and biotechnology research.
MITRE ATT&CK Techniques
T1566.001 (Spearphishing Attachment), T1190 (Exploit Public-Facing Application), T1059 (Command and Scripting Interpreter), T1071.001 (Application Layer Protocol: Web Protocols), T1041 (Exfiltration Over C2 Channel)
Defense Recommendations
1. Enhance maritime sector security protocols
2. Monitor web servers for the China Chopper webshell
3. Train staff on spear-phishing awareness