APT40
| Formation | c. 2009 |
|---|---|
| Type | Advanced persistent threat |
| Purpose | Cyberespionage |
| Headquarters | Hainan Province |
Region | China |
| Methods | Malware, Zero-days, Phishing, backdoor (computing), RAT, Keylogging |
Official language | Chinese |
Parent organization | Hainan State Security Department of the Ministry of State Security |
Formerly called | APT40 Kryptonite Panda Hellsing Leviathan TEMP.Periscope Temp.Jumper Gadolinium GreenCrash Bronze Mohawk |
APT40, also known as BRONZE MOHAWK (by Secureworks), FEVERDREAM, G0065, GADOLINIUM (formerly by Microsoft), Gingham Typhoon (by Microsoft), GreenCrash, Hellsing (by Kaspersky), Kryptonite Panda (by Crowdstrike), Leviathan (by Proofpoint), MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat operated by the Hainan State Security Department, a branch of the Chinese Ministry of State Security located in Haikou, Hainan, China, and has been active since at least 2009.
APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative. APT40 is closely connected to Hafnium.