Chinese Hackers Target Australian Networks, Says ACSC

In 2022, the Australian Cyber ​​Security Center (ACSC) reported that Chinese government-backed hackers had stolen usernames and passwords from an unknown Australian network. The group behind the attacks is recognized as APT40. This group is alleged to have carried out cyber activities on behalf of China’s Ministry of State Security (MSS).

Who had taken part in the investigation?

The investigation into APT40 was a collaborative effort involving the ACSC, the United States Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), Germany’s Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), South Korea’s National Intelligence Service (NIS) and its National Cyber Security Center, and Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA).

According to the ACSC APT40 has repeatedly targeted Australian networks including both government and private sector entities. The agency warned that the threat from APT40 is still continuing. The group is trying to hit on a large network.

Also Read | Will Biden Run in 2024? Democrats Voice Growing Concerns

APT40 frequently conducts reconnaissance on networks of interest, searching for vulnerabilities to exploit. The group prioritizes obtaining valid credentials to facilitate further activities, often using public-facing infrastructure and technologies that require user interaction.

The ACSC confirmed that a malicious IP address associated with APT40 had interacted with an Australian organization’s computer network between July and August. ACSC confirmed it in the year 2022. They also said that the compromised device likely belonged to a small business or home user.

So, the ACSC report highlights the persistent and evolving cyber threat posed by APT40 and emphasizes the importance of ongoing vigilance and cooperation among international cybersecurity agencies.