An advisory issued by key regional partners, led by Australia, has accused a Chinese spy agency of repeatedly targeting government and private sector networks in Australia and the wider region.
It detailed the activities of the APT40 (Advanced Persistent Threat) group, which is linked to Beijing's Ministry of State Security.
The statement is a significant escalation of international pushback against Beijing's activities and the first Australian-led, direct technical attribution of malicious cyber activity to a Chinese state-sponsored actor.
Australia and key regional partners are accusing a Chinese spy agency of cyber espionage, targeting government and business networks, in a large-scale operation that involves stealing hundreds of usernames and passwords.
Cyber intelligence agency the Australian Signals Directorate (ASD) has just published a new advisory detailing the activities of the notorious APT40 (Advanced Persistent Threat) group, which is linked to Beijing's Ministry of State Security (MSS).
"APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing," the advisory published on Tuesday morning said.
"Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.
"APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies' countries, looking for opportunities to compromise its targets," the statement added.
Five Eyes intelligence partners including the United States and United Kingdom have joined the Australian-led attribution, along with Germany, South Korea and Japan, in what represents a significant escalation of international pushback against Beijing's activities.
While Australia has previously joined international partners in cyber attributions against the MSS, this is the first Australian-led, direct technical attribution of malicious cyber activity to a Chinese state-sponsored actor.
APT40 is suspected of regularly targeting Australian government and private sector networks and attempts to exploit compromised office and work-from-home devices to gain access to sensitive IT networks.
By exploiting devices with aging technology, which have generally missed out on software upgrades and regular patching, the MSS-sponsored hackers are often able to gain unauthorised access and blend in with legitimate traffic on networks.
On Tuesday the ABC also revealed that the Home Affairs secretary had ordered a comprehensive audit of all internet-facing technology used by Commonwealth agencies over rising concerns about foreign interference and influence threats.
"We have always said we engage with China without compromising on what is important for Australia and to Australians," Foreign Minister Penny Wong said in a statement.
"The Albanese government is increasing Australia's diplomatic, economic and defence engagement with Japan and Korea, as well as with South-East Asia, with India, with the Quad and through AUKUS.
"It is all part of our work to make Australia stronger and more influential in the world, and to keep Australians safe."
The ABC has approached the Chinese embassy for comment.