APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda and Gingham Typhoon and is believed to be sponsored by China’s Ministry of State Security, is expected to continue with this modus operandi, “using POCs for new high-profile vulnerabilities within hours or days of public release.”

How APT40 compromises organizations

APT40 “appears to prefer exploiting vulnerable, public-facing infrastructure over techniques that require user interaction, such as phishing campaigns,” and has been known to exploit vulnerabilities in software such as Log4J, Atlassian Confluence and Microsoft Exchange.
Source: Help Net Security