The Malaysian Computer Emergency Response Team (CERT) has observed increased targeting of government departments in Malaysia. The researchers mention APT40 in their report but, as of this writing, do not attribute this activity to the group. The attack has been described as a data-stealing espionage campaign. APT40 has been active since 2013 and has been responsible for cyberespionage campaigns against multiple targets involved in the Belt and Road Initiative.
Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.