APT40
APT40, also known as BRONZE MOHAWK (by Secureworks), FEVERDREAM, G0065, GADOLINIUM (formerly by Microsoft), Gingham Typhoon (by Microsoft), GreenCrash, Hellsing (by Kaspersky), Kryptonite Panda (by Crowdstrike), Leviathan (by Proofpoint), MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat located in Haikou, Hainan Province, People's Republic of China (PRC), and has been active since at least 2009. APT40 has targeted governmental organizations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative. APT40 is closely connected to Hafnium.
| Formation | c. 2009 |
|---|---|
| Type | Advanced persistent threat |
| Purpose | Cyberespionage, |
| Headquarters | Hainan Province |
Region | China |
| Methods | Malware, Zero-days, Phishing, backdoor (computing), RAT, Keylogging |
Official language | Chinese |
Parent organization | Ministry of State Security |
Formerly called | APT40 Kryptonite Panda Hellsing Leviathan TEMP.Periscope Temp.Jumper Gadolinium GreenCrash Bronze Mohawk |