25 July, 2024
Close this search box.
China-backed hackers blamed for espionage, data theft


Spread the love

Australia has unmasked a hacking group backed by China’s government, weeks after the two nations highlighted stability in their relationship.

The federal government, Five Eyes partners and other nations have named state-sponsored group APT40 as responsible for attacks on the public and private sectors.

The group was acting on behalf of China’s powerful minister of state security and is blamed for espionage and hacks.

Hundreds of usernames and passwords were stolen in an attack on one Australian entity in April 2022.

The word 'password' among zeroes and ones on a screen
 Passwords and usernames were stolen in a 2022 attack by APT40, the signals directorate says. Image by Dave Hunt/AAP PHOTOS 

“The threat they pose to our networks is ongoing,” the Australian Signals Directorate said in a joint advisory on Tuesday.

The group targeted outdated networks and devices that are no longer maintained, the directorate said.

“APT40 continues to find success exploiting vulnerabilities from as early as 2017.”

Compromised software included versions of Log4, Atlassian Confluence and Microsoft Exchange, according to the advisory.

One Australian organisation was compromised between July and September 2022, with APT40 able to map the network and execute control. 

“The investigation uncovered evidence of large amounts of sensitive data being accessed and evidence that the actor moved laterally through the network,” the advisory said.

A Chinese embassy spokesperson rebuffed the findings and claimed China itself was a “major victim” of cyber attacks.

“We oppose any groundless smears and accusations against China,” they said in a statement on Tuesday.

“We keep a firm stance against all forms of cyber attacks and resort to lawful methods in tackling them.

“China does not encourage, support or condone attacks launched by hackers.”

Ethernet cables in a server room
 China says it does not condone cyber crime and was itself a “major victim” of hacking attacks. Image by Mick Tsikas/AAP PHOTOS 

It’s the first time Australia has taken the lead on a cyber advisory from Five Eyes intelligence partners Canada, New Zealand, the US and UK, and the first time Japan and Korea have joined the nation in attribution.

Attributions were an increasingly important tool in deterring malicious cyber activity, Defence Minister Richard Marles said.

Home Affairs Minister Clare O’Neil said cyber intrusions from foreign governments added “one of the most significant threats we face”.

ASD has issued advice on how to detect intrusions on its website.

The revelation comes weeks after Prime Minister Anthony Albanese hosted Chinese Premier Li Qiang during a four-day visit to Australia.

Mr Albanese said there were “encouraging signs” of stabilisation between the two nations during the trip and room for their relationship to expand.

About the Author