The National Security Agency, alongside other U.S. and international government agencies, has released a cybersecurity advisory titled “PRC MSS Tradecraft in Action.”
The advisory seeks to help cybersecurity practitioners prevent network intrusions or identify and remediate ongoing intrusions caused by a cyber actor group called APT 40, the NSA said Monday.
Also known as Kryptonite Panda, Gingham Typhoon and Bronze Mohawk, APT 40 is associated with the People’s Republic of China Ministry of State Security. Various organizations around the world have already been targeted by the group, including those from the U.S. and Australia.
Regarding the cyber actor, NSA Director of Cybersecurity Dave Luber said, “APT 40 is a known cyber actor group that continues to practice cyber espionage and evolve its tradecraft to target government networks.”
To support the work of cyber defenders, the advisory contains, among other things, details about APT 40’s tradecraft, the results of investigations on successful intrusions by the group and steps that can be taken to secure networks from the group.