Labor names and shames Chinese state-sponsored hackers
The Albanese government has called out a Chinese state-sponsored hacking group for breaching multiple Australian networks, just weeks after the PM welcomed China’s No. 2 leader.
A Chinese cyber espionage group called out by the Albanese government for infiltrating public and private sector networks in Australia had also targeted government systems across the South Pacific.
In an unprecedented Australian-led attribution of Beijing’s cyber espionage, the Australian Signals Directorate said the group, dubbed APT40, had waged a years-long hacking campaign on behalf of China’s Ministry of State Security.
The move came just weeks after Anthony Albanese welcomed China’s No 2 leader to Australia and hailed the stabilisation of the countries’ ties.
It’s unclear whether the Prime Minister specifically raised ATP40’s activities with Premier Li Qiang, but it’s understood he conveyed Australia’s concerns over cybersecurity breaches and foreign interference.
APT40, also known as Gingham Typhoon, Kryptonite Panda, Leviathan and Bronze Mohawk, was recently identified by Microsoft as the region’s “most active” cyber espionage group, targeting networks in “nearly every South Pacific Island country”.
The group infiltrated island state government systems and internet service providers as Beijing sought to broker security agreements and seek favourable economic agreements with Pacific nations. “Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities,” Microsoft said.
Australia’s decision to publicly call out the state-sponsored group was backed by the US, Britain, Canada, New Zealand, Japan, South Korea and Germany.
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the ASD’s Australian Cyber Security Centre said.
The group, which operated from the Chinese city of Haikou, in Hainan Province, received tasking from the MSS and provincial security figures.
It used vulnerabilities in widely used software including Atlassian Confluence and Microsoft Exchange to infiltrate targeted systems, and in some cases exploited compromised home office devices. Once inside a network, it sought to establish a persistent presence. In one case, APT40 was able to steal several hundred unique usernames and passwords from an Australian entity in April 2022.
It is the first time Australia has initiated the attribution of malicious cyber activity to a Chinese state-sponsored group, and the first time that Japan and South Korea have joined with such an attribution.
The attribution, which is expected to be rejected by Beijing, follows Chinese Premier Li’s visit to Australia in June.
The Prime Minister said at the time the visit was “an important milestone in stabilising our relationship with China”, but declined to say whether he trusted him.
“We have differences of opinion, but it’s important that we be able to express those; that we’re able to be constructive about it,” he said at the time.
Australian cybersecurity company CyberCX said APT40 was “a voracious and equal opportunity predator” that was quick to weaponise publicised vulnerabilities in major software products.
“They are a prolific threat actor,” the company’s chief strategy officer, Alastair MacGibbon, said. “It appears they are generally going after the usual stuff the MSS is interested in – information on targeted countries’ citizens, economic or political espionage including targeting democratic processes, and creating deniable (systems) infrastructure for themselves to use later.”
Foreign Minister Penny Wong on Tuesday said the government was acting in the national interest in calling out Beijing’s malicious cyber activities. “We have always said we engage with China without compromising on what is important for Australia and to Australians,” she said.
Defence Minister Richard Marles said such attributions were an important deterrent to malicious cyber activity. “The Albanese government is committed to defending Australian organisations and individuals in the cyber domain, which is why for the first time we are leading this type of cyber attribution,” he said.
“This attribution is a product of the Australian Signals Directorate’s diligent work to uncover this malicious cyber activity and is a key part of ensuring Australians remain safe from cyber attacks.”
Australian Strategic Policy Institute executive director Justin Bassi welcomed the attribution, but said the ministers had underplayed the Chinese government’s involvement. “More should be expected when we are talking about a major power and our largest trading partner using cyberspace to hack, attack, undermine and manipulate us,” he said.
“Just as we keep the public informed of the threat of terrorism, we need to be more up front about the reality of the threat, regardless of the nation, entity or individual.”
The attribution follows the government’s support in February for a US-led warning on activities of Chinese state-sponsored hacking group Volt Typhoon.
Ditch the ‘flexibility stigma’ on hybrid work, bosses told
Greater job flexibility is seeing more women in their 30s, 40s and 50s shifting from part-time to full-time work, a new study finds.
Nampijinpa Price electoral weapon for Tehan as race tightens in key seat
Jacinta Nampijinpa Price has been deployed by the Liberals as an electoral weapon in the fight against a Climate-200 backed candidate in Wannon as new research shows the seat is ‘too close to call’.