Chinese-Backed Hackers Target Australian Networks: ACSC Report

Cybersecurity firms supported by Chinese authorities have been alleged to have stolen usernames and passwords from unspecified Australian networks in 2022, the Australian Cyber Security Centre (ACSC) reported on Tuesday. The investigation, which focused on the CCP-backed hacker group APT40, involved multiple international cybersecurity agencies.

The ACSC claimed APT40 conducted several operations for China's Ministry of State Security (MSS). According to leading cybersecurity agencies from the US, UK, Canada, New Zealand, Japan, South Korea, and Germany, APT40's activities and techniques align with those tracked as Advanced Persistent Threat (APT) 40.

According to the ACSC report, APT40 has consistently targeted Australian government and private sector networks. The group is known for rapidly adapting to exploit new vulnerabilities. They commonly engage in reconnaissance, exploit vulnerable infrastructure, and seek valid credentials to enable further activities using web shells.

The ACSC investigation noted that in August 2022, a malicious IP address linked to APT40 interacted with Australian computer networks. The compromised device likely belonged to a small business or home user.

(With inputs from agencies.)