Chinese Hackers Blamed For Cyber Attacks By Australia & Allies

A Chinese government-backed hacking group that targeted the public and private sector networks in Australia has been unmasked by the country and its allies.

The federal government, Five Eyes intelligence alliance partners, and other nations on Tuesday, in a joint report, identified the hacking group ‘APT40’, known as Advanced Persistent Threat 40, as conducting malicious cyber operations on behalf of the People’s Republic of China’s Ministry of State Security.

The group is blamed for espionage and hacks, including an incident at one Australian entity in April 2022 in which hundreds of unique usernames and passwords were stolen, as well as the interception of multifactor authentication codes.

“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” said the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), which spearheaded the public attribution, in the advisory, which included input from the lead cyber security agencies of the United States, UK, New Zealand, Canada, Japan, South Korea, and Germany.

“APT40 is actively conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets. The group uses compromised devices, including small-office/home-office (SOHO) devices, to launch attacks that blend in with legitimate traffic, challenging network defenders.”

The hackers were found to prefer exploiting vulnerable, end-of-life, or no-longer-maintained devices on networks of interest, as well as systems that are poorly maintained and unpatched, and to rely on phishing campaigns and illegally collected passwords and other credentials.

“APT40 continues to find success exploiting vulnerabilities from as early as 2017,” the ASD said.

According to the advisory, APT40 rapidly exploited newly found public vulnerabilities in widely used software such as Log4J, Atlassian Confluence, and Microsoft Exchange.

The findings of the ASD’s ACSC investigation into the successful compromise of one Australian organization’s network between July and September 2022 showed how APT40 was able to map the network and establish control over it.

“The investigation uncovered evidence of large amounts of sensitive data being accessed and evidence that the actor moved laterally through the network,” the advisory said.

ASD has issued advice for network security actions that should be taken to detect and prevent intrusions by APT40.

This is the first time Australia has taken the lead on a cyber advisory and the first time Japan and Korea have joined the nation in attribution.

“(The Australian government) is committed to defending Australian organizations and individuals in the cyber domain, which is why for the first time we are leading this type of cyber attribution,” Defense Minister Richard Marles said in a statement emphasizing how these attributions are an increasingly important tool in deterring malicious cyber activity.

Cyber intrusions from foreign governments are “one of the most significant threats we face”, Home Affairs Minister Clare O’Neil added.

Kavita Iyer