{"version":"1.0","provider_name":"Infoblox Blog","provider_url":"https:\/\/www.infoblox.com\/blog","author_name":"Infoblox Threat Intel","author_url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/","title":"Cyber Threat Advisory: APT40 TTPs and Trends","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"2fm1ax6bSs\"><a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-apt40-ttps-and-trends\/\">Cyber Threat Advisory: APT40 TTPs and Trends<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-apt40-ttps-and-trends\/embed\/#?secret=2fm1ax6bSs\" width=\"600\" height=\"338\" title=\"&#8220;Cyber Threat Advisory: APT40 TTPs and Trends&#8221; &#8212; Infoblox Blog\" data-secret=\"2fm1ax6bSs\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.infoblox.com\/blog\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/top-10-dns-attacks.jpg","thumbnail_width":660,"thumbnail_height":454,"description":"Cyber Threat Advisory: APT40 TTPs and Trends. On 19 July, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory on a Chinese Advanced Persistent Threat (APT) APT40, also known as BRONZE MOHAWK, FEVERDREAM, and MUDCARP. The advisory provided information about the APT\u2019s tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and mitigation recommendations.1 On this same day, the FBI, CISA, and National Security Agency (NSA) published a joint advisory on trends in cyber espionage activity that they observed across various Chinese state\u2013sponsored actors.2 These advisories coincide with the White House\u2019s July statement accusing the People\u2019s Republic of China (PRC) of hiring malicious actors to conduct, in early March 2021, cyber espionage operations that exploit zero-day vulnerabilities in Microsoft Exchange Servers."}