Leviathan

Threat Actor updated 25 days ago (2024-08-14T09:48:47.419Z)
Leviathan, also known as APT40, TEMP.Periscope, TEMP.Jumper, Bronze Mohawk, Gingham Typhoon, ISLANDDREAMS, Kryptonite Panda, Red Ladon, and TA423, is a threat actor linked to numerous cyber espionage activities around the globe. Between 2011 and 2018, the group targeted government organizations, private businesses, and universities worldwide, leading to an indictment by the U.S. Justice Department in July 2021. The group's capabilities were highlighted in a joint advisory issued by cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S., warning about the group's rapid exploitation of disclosed flaws.

Researchers at Leviathan Security Group have discovered a potential vulnerability within the Dynamic Host Configuration Protocol (DHCP) standard that can be exploited for malicious purposes. The technique, dubbed TunnelVision, involves running a rogue DHCP server on the same network as a targeted VPN user and configuring it to act as a gateway. When traffic hits this gateway, it is forwarded through to a legitimate gateway while being monitored by the rogue server. This method takes advantage of an obscure feature in the DHCP standard and could force users on a local network to connect to a rogue DHCP server. Leviathan's researchers, Lizzie Moratti and Dani Cronce, have warned that many VPN providers may not be able to deliver on their security promises due to this vulnerability. They suggest mitigating the risk by running VPNs from inside a virtual machine (VM). The discovery of this attack technique, which has technically been possible since the inclusion of Option 121 in the DHCP standard in 2002, underscores the evolving nature of cybersecurity threats and the need for continuous vigilance and proactive measures to protect digital assets.
Description last updated: 2024-08-14T09:06:07.478Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
VPN
Source Document References
Information about the Leviathan Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (created): Title

Securityaffairs (2 months ago): Cybersecurity agencies warn of China-linked APT40's capabilities
CISA (2 months ago): People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA
CISA (2 months ago): CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40 | CISA
Securityaffairs (4 months ago): New TunnelVision technique can bypass the VPN encapsulation
Krebs on Security (4 months ago): Why Your VPN May Not Be As Secure As It Claims
CERT-EU (6 months ago): Zoomer Hackers Shut Down the Biggest Extortion Ring of All | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (8 months ago): Arms, Oil And Confronting Tehran: A Unique Azerbaijan-Israel Partnership – Analysis
DARKReading (9 months ago): Zatik Security Gains Momentum, Announces Co-Founder, CTO, Partner Network
CERT-EU (a year ago): Sony Fall Victim To CLop
CERT-EU (a year ago): Cybersecurity teams need to cast a wider net | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
MITRE (2 years ago): Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries | Mandiant
CERT-EU (a year ago): Cyber Security Budgets Are Misspent