Australia, with support from allies like the US, UK, and Japan, has accused a Chinese state-backed cyber hacking group of targeting government and private sector networks.
The statement, supported by security and intelligence agencies from Five Eyes partners (the US, UK, Canada, and New Zealand) as well as Germany, Japan, and South Korea, cited a “shared understanding” of a Chinese “state-sponsored cyber group and their current threat to Australian networks”.
Intelligence agencies indicated the group conducted “malicious cyber operations” for China’s Ministry of State Security, noting its activities and methods overlap with a group previously identified as Advanced Persistent Threat 40 (APT40).
Western intelligence agencies have previously accused APT40, based in China’s southern Hainan province, of infiltrating government agencies, companies, and universities in the US, Canada, Europe, and the Middle East under ministry orders.
“APT40 has repeatedly targeted Australian networks and other regional government and private sector networks, posing an ongoing threat,” the advisory stated.
The Australian Signals Directorate’s move to name APT40 was unprecedented for an Australian authority and came shortly after China’s Premier Li Qiang visited the country, reflecting recent efforts to rebuild trade ties.
This report marks the latest effort by western governments to address Chinese cyber security threats and raise public awareness about the risks of Chinese hacking and espionage.
In March, the US and UK launched measures against the APT31 hacking group, also operated by China’s spy service, which had targeted British parliamentary accounts, critics of the Chinese government, and the UK election watchdog.
Last year, FBI Director Christopher Wray and his Five Eyes counterparts met in Silicon Valley for their first joint public event, warning of the “unprecedented threat” of Chinese spying to innovative tech sectors from quantum computing to artificial intelligence.
Recently, the Five Eyes warned that the People’s Liberation Army was “aggressively recruiting” western fighter jet pilots to train Chinese flyers. The UK and other European countries have also accused Chinese agents of infiltrating western political systems.
Penny Wong, Australia’s foreign minister, stated that publicizing the allegations against APT40 was in the national interest, despite efforts to mend relations with Beijing.
“We have always said we engage with China without compromising on what is important for Australia and Australians,” she said.
The ASD, responsible for the country’s cyber defenses, highlighted two historic breaches by APT40 to illustrate the group’s activities.
Rather than using phishing techniques, APT40 exploited software vulnerabilities in products developed by companies like Microsoft and Atlassian to breach networks, including home devices, and establish a presence to steal data and hundreds of passwords.
The ASD reported that APT40 regularly conducted reconnaissance on target networks “to identify vulnerable, end-of-life or no longer maintained devices,” with successful operations dating back to 2017.
Chinese foreign ministry spokesperson Lin Jian stated on Tuesday that western countries are “using cyber security issues to smear and defame China” and accused the US of “leveraging its hegemonic status and technological advantages to conduct widespread cyber espionage worldwide.”
“Who is the biggest threat to global cyber security?” he added.
Australia has increased its investment in cyber security since 2022 as part of a broader overhaul of its defence spending and strategy.
This month, Canberra signed a $1.3 billion deal with Amazon to build a defence cloud network aimed at enhancing its intelligence sharing capabilities with global allies.
Source: Financial Times