An advisory issued by Australia and its key regional partners has implicated a Chinese spy agency for targeting government and private sector networks in Australia and across the broader region. The advisory specifically outlines the actions of the APT40 (Advanced Persistent Threat) group, associated with Beijing’s Ministry of State Security. This statement represents a notable escalation in global efforts to counter Beijing’s actions and marks the first direct technical attribution led by Australia attributing malicious cyber activities to a state-sponsored actor from China.
Australia and its key regional allies have leveled accusations against a Chinese spy agency for engaging in cyber espionage. Their allegations highlight a widespread operation targeting government and business networks, involving the theft of hundreds of usernames and passwords. The Australian Signals Directorate (ASD), a cyber intelligence agency, recently released an advisory that meticulously outlines the activities of the notorious APT40 (Advanced Persistent Threat) group, which has ties to China’s Ministry of State Security (MSS).
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory published on Tuesday morning said.
“Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.
“APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets,” the statement added.
The attribution led by Australia has been joined by intelligence partners from the Five Eyes alliance, including the United States and United Kingdom, as well as Germany, South Korea, and Japan. This marks a significant increase in global opposition to Beijing’s actions.
Previously, Australia had collaborated with international partners on cyber attributions involving the MSS, but this instance marks the first time Australia has independently attributed malicious cyber activities directly to a Chinese state-sponsored actor.
APT40, believed to be behind ongoing attacks on Australian government and private sector networks, employs tactics such as exploiting outdated office and work-from-home devices lacking software updates and patches. This enables MSS-sponsored hackers to gain unauthorized access and conceal their activities within legitimate network traffic.
