Australia has identified a hacking group linked to the Chinese government, shortly after both countries emphasized stability in their diplomatic ties.

The Australian government, along with its Five Eyes allies and other nations, has identified APT40 as a state-sponsored group responsible for cyber attacks targeting both public and private sectors.

The group allegedly operated under the authority of China’s Ministry of State Security and is accused of engaging in espionage and cyber intrusions.

In April 2022, one Australian entity reported the theft of hundreds of usernames and passwords due to a cyber attack.

According to a joint advisory by the Australian Signals Directorate, APT40 focused on exploiting vulnerabilities in outdated and unmaintained networks and devices, with successful attacks dating back to 2017.

Compromised software included various versions of Log4, Atlassian Confluence, and Microsoft Exchange.

During a breach between July and September 2022, APT40 reportedly accessed sensitive data and moved laterally through the network of one Australian organization.

A spokesperson from the Chinese embassy denied these accusations, stating that China itself is a frequent target of cyber attacks and opposes baseless allegations.

This marks Australia’s first leading role in a cyber advisory from its Five Eyes partners and the first time Japan and South Korea have joined the attribution.

Defense Minister Richard Marles emphasized the importance of attributions in deterring cyber threats, while Home Affairs Minister Clare O’Neil highlighted the seriousness of foreign government cyber intrusions as a major threat.

The Australian Signals Directorate has published guidance on detecting intrusions on its official website.

This revelation follows Prime Minister Anthony Albanese’s recent meeting with Chinese Premier Li Qiang, where both leaders expressed optimism about improving bilateral relations and expanding cooperation.