Date: 2024-07-09

Chinese state-backed hacking group APT40 has been immediately exploiting newly discovered security vulnerabilities, according to an Australia-led advisory in which seven other countries, including the U.S., participated, The Register reports.

Attacks by the threat operation, also known as Kryptonite Panda, Bronze Mohawk, Leviathan, and GINGHAM TYPHOON, initially targeted breached devices before proceeding to exploit vulnerable Microsoft Exchange, Atlassian Confluence, and Apache Log4j instances, the advisory noted. "APT40 has embraced the global trend of using compromised devices, including small-office/home-office (SOHO) devices, as operational infrastructure and last-hop redirectors for its operations in Australia. Many of these SOHO devices are end-of-life or unpatched and offer a soft target for N-day exploitation," said the advisory, which called on organizations to defend their networks through patch management, multi-factor authentication, network segmentation, least-privilege access, up-to-date equipment, and web application firewall usage.