Chinese state-sponsored actor APT40 is focusing on exploiting newly discovered software vulnerabilities (N-days), often within hours of public release, a joint government advisory has warned. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), alongside agency partners from the US, UK, Canada, New Zealand, Germany, South Korea and Japan, noted that the group prefers to exploit vulnerable, public-facing infrastructure over techniques that require user interaction such as phishing campaigns.

Source: Infosecurity Magazine – Information Security & IT Security