APT40
ID: 0c2e99d8-c756-5211-ade7-4b331df94cd7
STIX ID: report--0c2e99d8-c756-5211-ade7-4b331df94cd7
Feed Name: Brandefense Blog
APT40 is a long-running, China-linked cyber-espionage group that systematically targets the maritime and naval sector: shipbuilders, defense manufacturers, research institutions, and the government entities that work with them. The report outlines the group's objectives and tradecraft: tailored spearphishing and impersonation, exploitation of internet-facing vulnerabilities, custom and lightweight remote access tools (the report names ISLANDDREAMS and MUDCARP), persistence through registry keys and scheduled tasks, encrypted HTTPS command-and-control with fallback domains, and low-volume exfiltration. It also warns that APT40 is expanding beyond maritime targets into aerospace, advanced manufacturing, and additional government agencies.
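Of the tradecraft summarised above, the persistence techniques (registry Run keys and scheduled tasks) are the easiest to hunt for with the telemetry most Windows estates already collect. The Python below is an added example, not code from Brandefense or from the report it summarises: it runs two checks over constructed Sysmon (EventID 13, registry value set) and Windows Security (EventID 4698, scheduled task created) records and flags autostart entries whose target lives in a user-writable directory. The event records, hostnames, SIDs and file paths are all made up for illustration, and the "user-writable directory" heuristic is the example's own assumption, not a rule the report states.

```python
"""Hunt Windows persistence via Run keys and scheduled tasks (added example).

The sample events below are constructed for this example; the user-writable
directory heuristic is an assumption of the example, not taken from the report.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

# Registry autostart locations: ...\CurrentVersion\Run and \RunOnce under HKLM or any HKU hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Directories an unprivileged user can write to. An autostart entry pointing here is
# worth a look because legitimately installed software rarely lives there (assumption).
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|Users\\Public|Temp|ProgramData)\\", re.IGNORECASE
)

# Namespace used by the Task Scheduler XML embedded in Security event 4698.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}


@dataclass(frozen=True)
class Finding:
    technique: str
    host: str
    detail: str


def check_registry_event(ev: dict) -> Optional[Finding]:
    """Sysmon EventID 13: flag Run/RunOnce values that launch from a user-writable path."""
    if ev.get("EventID") != 13:
        return None
    if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    if not USER_WRITABLE_RE.search(ev.get("Details", "")):
        return None
    return Finding("registry_run_key", ev["Computer"], f"{ev['TargetObject']} -> {ev['Details']}")


def task_actions(task_xml: str) -> List[str]:
    """Extract every Exec action (command plus arguments) from Task Scheduler XML."""
    root = ET.fromstring(task_xml)
    actions = []
    for exe in root.findall(".//t:Exec", TASK_NS):
        cmd = exe.findtext("t:Command", default="", namespaces=TASK_NS)
        args = exe.findtext("t:Arguments", default="", namespaces=TASK_NS)
        actions.append(f"{cmd} {args}".strip())
    return actions


def check_task_event(ev: dict) -> Optional[Finding]:
    """Security EventID 4698: flag new tasks whose action runs from a user-writable path."""
    if ev.get("EventID") != 4698:
        return None
    for action in task_actions(ev["TaskContent"]):
        if USER_WRITABLE_RE.search(action):
            return Finding("scheduled_task", ev["Computer"], f"{ev['TaskName']} -> {action}")
    return None


def hunt(events: List[dict]) -> List[Finding]:
    """Run both checks over a list of event records and collect the findings."""
    findings = []
    for ev in events:
        finding = check_registry_event(ev) or check_task_event(ev)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry (hostnames, SIDs and paths are invented).
_TASK_XML = (
    '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    '<Actions Context="Author"><Exec><Command>{cmd}</Command><Arguments>{args}</Arguments>'
    "</Exec></Actions></Task>"
)
SAMPLE_EVENTS = [
    {"EventID": 13, "Computer": "WS01.corp.example",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\jdoe\AppData\Roaming\svc\updater.exe"},
    {"EventID": 13, "Computer": "WS01.corp.example",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
    {"EventID": 13, "Computer": "WS02.corp.example",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname",
     "Details": "WS02"},
    {"EventID": 4698, "Computer": "SRV01.corp.example", "TaskName": r"\Microsoft\Windows\Sync\Refresh",
     "TaskContent": _TASK_XML.format(cmd=r"C:\Users\Public\Libraries\sync.exe", args="-q")},
    {"EventID": 4698, "Computer": "SRV01.corp.example", "TaskName": r"\Microsoft\Windows\Maintenance\Cleanup",
     "TaskContent": _TASK_XML.format(cmd=r"C:\Windows\System32\svchost.exe", args="-k netsvcs")},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.host}: {f.detail}")
```

On real data the two checks need an allowlist for legitimate per-user installers that do live under AppData, and they say nothing about the HTTPS command-and-control or the low-volume exfiltration the report also describes, which need network telemetry rather than host logs.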
