Australia accuses a China-backed hacker group of stealing user data


Voice 9, International Desk, Sydney: A hacking group allegedly sponsored by the Chinese state stands accused of stealing login credentials from undisclosed Australian networks in 2022, according to an announcement this week by the Australian Cyber Security Centre (ACSC).

The inquiry into the CCP-affiliated hacking group known as APT40 was carried out by a consortium including the Australian Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency (CISA), the US National Security Agency (NSA), the US Federal Bureau of Investigation (FBI), the UK National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), the Republic of Korea's National Intelligence Service (NIS) and the NIS National Cyber Security Center, and Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA), all of which are listed as the originating agencies of the advisory.

The ACSC alleged that APT40 has carried out numerous cyber operations on behalf of the PRC Ministry of State Security (MSS). The ACSC further asserted that "the activities and methodologies align with the entities monitored as Advanced Persistent Threat (APT) 40," citing input from leading cyber defense agencies in the US, UK, Canada, New Zealand, Japan, South Korea, and Germany. In the activity summary section of the report, the ACSC states that APT40 has repeatedly targeted Australian networks, as well as government and corporate networks in the region, and describes the group as an ongoing threat to Australian networks.

The tactics described in this advisory are frequently observed on Australian networks. Moreover, APT40 is able to rapidly adapt and use proof-of-concept (POC) exploits for newly disclosed vulnerabilities, and to deploy them promptly against target networks that still run the vulnerable infrastructure. APT40 routinely conducts reconnaissance against networks of interest, including networks in the countries of the originating agencies, looking for avenues to compromise its targets.

The same report contended that the hacker group favors exploiting vulnerable, public-facing infrastructure, uses techniques that rely on user interaction, and places a high priority on obtaining valid credentials to enable a range of follow-on actions carried out through web shells. The ACSC's investigative report alleged that in August 2022, a confirmed malicious IP address linked to the group was found to have interacted with an Australian organization's computer networks between at least July and August. The device behind that address likely belonged to a small business or an individual user.
