People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

ID: a3de7eb2-d4bf-5741-ab35-0c30189bf256

STIX ID: report--a3de7eb2-d4bf-5741-ab35-0c30189bf256

Feed Name: CISA Cybersecurity Advisories

Threat Score: 90/100

Date Published: 2024-07-08

Date Updated: 2026-04-19

Author: CISA

This joint advisory from multiple national cybersecurity agencies details activity by APT40, a PRC state-sponsored actor, against organizations in 2022. It includes two anonymized case studies in which the group exploited internet-facing applications and RCE vulnerabilities to deploy web shells, steal hundreds of credentials and session tokens (including MFA/JWT artifacts), move laterally, and exfiltrate sensitive data. The report maps observed TTPs to MITRE ATT&CK, provides IOCs and Sigma detection rules, and recommends patching, logging, segmentation and other mitigations.
