China-backed spy group accused of cyber attacks on Australia

Key points
  • A China-backed cyber-espionage group has been accused of carrying out malicious activities targeting Australia.
  • The group was identified in a joint advisory led by Australia, Five Eyes allies and several other countries.
  • The cyber group, known as APT40, is believed to have attacked government and private networks in Australia.
A cyber-espionage group operating on behalf of China’s Ministry of State Security has been accused of espionage and intrusions targeting Australian government and private-sector networks.
The Australian government has taken the lead in publicly attributing malicious cyber activity to the Chinese state-sponsored group APT40.

Here’s what we know about the advisory, the spy group, and who they targeted.

What is APT40?

APT stands for Advanced Persistent Threat. The advisory assesses that the group conducts malicious cyber operations for China’s Ministry of State Security (MSS).

The group’s activities and techniques overlap with those of the groups tracked elsewhere as Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk, the advisory said.

The advisory states that APT40’s “tradecraft is regularly observed against Australian networks”.
The group often routes its operations through compromised devices, including small office/home office (SOHO) routers, so that its traffic blends in with legitimate activity, which makes the intrusion harder for network defenders to distinguish from normal traffic.

The group gains access to networks through devices and systems that are end-of-life, no longer maintained or left unpatched.

What has APT40 done to Australia?

According to the advisory, APT40 has repeatedly targeted Australian networks and government and private networks in the region.
The advisory described two real-world examples of attacks on Australia.

In the first example, the group is said to have compromised an organisation’s network between July and September 2022, mapping the network and gaining access to sensitive data.

In the second case study, APT40 is believed to have stolen hundreds of usernames and passwords from an Australian entity in April 2022.

Who was involved in the research?

The Australian Signals Directorate issued the advisory in collaboration with security agencies from its Five Eyes partners (New Zealand, Canada, the US and the UK), as well as agencies from Germany, Japan and South Korea.
Five Eyes is an intelligence alliance formed after World War II; its members cooperate on intelligence and information sharing.
It is the first time an Australian agency has taken the lead on a joint cyber advisory, and the first time Japanese and South Korean agencies have joined as co-authors.
According to Defence Minister Richard Marles, the attribution to APT40 was made possible by the Australian Signals Directorate’s diligent work in exposing the threat.

“In our current strategic environment, these attributions are increasingly important tools in deterring malicious cyber activity,” he said.

Australia would continue to do business with China without compromising national security or interests, Foreign Minister Penny Wong said.
Home Affairs Minister Clare O’Neil urged all organisations to read the advisory and follow its detection and mitigation recommendations.
“Cyber intrusions by foreign governments are one of the greatest threats we face,” she said.
“Our intelligence agencies work tirelessly every day to identify and dismantle these actors.”
The Australian Signals Directorate has advised organisations to implement its ‘Essential Eight’ mitigation strategies and to follow the detection and mitigation guidance that accompanies the advisory.
