When to deploy patches is always dicey. Companies are worried about patches breaking things and certainly there is validity to that. But maybe this warning changes the economics.
China’s APT40, also known as Kryptonite Panda, Gingham Typhoon, Leviathan, and Bronze Mohawk, is likely a contractor for the Chinese government.
The advisory, released by the Australian Signals Directorate (their NSA), the UK’s National Cyber Security Centre (NCSC), CISA and several more countries, details how APT40 works and urges companies to be ready for evolving techniques.
APT40 has previously targeted organizations in multiple countries including the United States and Australia.
APT40 has the ability, the spooks say, to quickly exploit new vulnerabilities, including those in Log4j, Atlassian Confluence and Microsoft Exchange.
The advisory says that APT40 can exploit a vulnerability within hours of public release.
Multiple intelligence agencies expect the group to continue to create proof-of-concept attack tools for high-profile vulnerabilities within hours or days of release.
The alert says that these Chinese state-sponsored hackers can rapidly adapt these proofs of concept into attack tools and start targeting companies immediately.
Importantly, this includes employee-owned devices (BYOD), such as phones and laptops.
Given the objective of China to become the leading force in the world, no matter how, you should not expect APT40 and similar groups to do anything other than grow and become even more aggressive.
If your patching program needs some help, please contact us.
See more details at CSO Online.