Kryptonite Panda

Kryptonite Panda, also known as APT40, Bronze Mohawk, Periscope, Mudcarp, and GINGHAM TYPHOON among others, is a threat actor believed to be based in Haikou, Hainan Province, People's Republic of China. This threat group has been associated with an array of cyber-espionage operations targeting government organizations, companies, and universities across various industries. Their activities span across multiple geographical regions including the United States, Canada, Europe, the Middle East, and Africa. The cybersecurity industry often assigns multiple names to the same threat actor due to differing naming conventions, which can sometimes lead to confusion. In a recent incident, another threat actor named Blue Hornet managed to compromise Kryptonite Panda along with Lazarus Group, resulting in a significant data leak. This event showcases the complex and dynamic landscape of cyber threats where even malicious actors are not immune to attacks from their counterparts. It also underscores the need for continuous vigilance and robust cybersecurity measures across all entities, irrespective of their nature or intent. Google's Threat Analysis Group (TAG) has linked Kryptonite Panda to a fourth recent WinRAR attack attributed to China-backed IslandDreams through a phishing campaign that targeted users in Papua New Guinea in late August. This connection further solidifies the group's association with state-sponsored cyber activities and highlights their persistent efforts to exploit vulnerabilities for malicious purposes. The advisory detailing these findings is based on current investigations led by the Australian Cyber Security Centre (ACSC) and shared understanding of the People's Republic of China (PRC) state-sponsored cyber group, APT40.