9 Jul 2024

Japan and Korea join Australian-led pushback on Chinese hacking

7:14 pm on 9 July 2024

By Andrew Greene, ABC defence correspondent


Australia and key regional partners are accusing a Chinese spy agency of cyber espionage, targeting government and business networks, in a large-scale operation that involves stealing hundreds of usernames and passwords.

Cyber intelligence agency the Australian Signals Directorate (ASD) has just published a new advisory detailing the activities of the notorious APT40 (Advanced Persistent Threat) group, which is linked to Beijing's Ministry of State Security (MSS).

"APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing," the advisory published on Tuesday morning said.

"Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.

"APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies' countries, looking for opportunities to compromise its targets," the statement added.

Five Eyes intelligence partners including the United States and United Kingdom have joined the Australian-led attribution, along with Germany, South Korea, New Zealand and Japan, in what represents a significant escalation of international pushback against Beijing's activities.

While Australia has previously joined international partners in cyber attributions against the MSS, this is the first Australian-led, direct technical attribution of malicious cyber activity to a Chinese state-sponsored actor.

APT40 is suspected of regularly targeting Australian government and private sector networks and attempts to exploit compromised office and work-from-home devices to gain access to sensitive IT networks.

By exploiting devices with aging technology, which have generally missed out on software upgrades and regular patching, the MSS-sponsored hackers are often able to gain unauthorised access and blend in with legitimate traffic on networks.

On Tuesday, the ABC also revealed that the Home Affairs secretary had ordered a comprehensive audit of all internet-facing technology used by Commonwealth agencies over rising concerns about foreign interference and influence threats.

"We have always said we engage with China without compromising on what is important for Australia and to Australians," Foreign Minister Penny Wong said in a statement.

"The Albanese government is increasing Australia's diplomatic, economic and defence engagement with Japan and Korea, as well as with South-East Asia, with India, with the Quad and through AUKUS.

"It is all part of our work to make Australia stronger and more influential in the world, and to keep Australians safe."

A spokesperson for the Chinese embassy in Canberra said China had a "consistent and clear position on this issue".

"We oppose any groundless smears and accusations against China," the spokesperson said.

"Keeping the cyberspace safe is a global challenge. In fact, China is a major victim of cyberattacks.

"We keep a firm stance against all forms of cyberattacks and resort to lawful methods in tackling them.

"China does not encourage, support or condone attacks launched by hackers."

- ABC
