A Chinese government-backed cyber group has been responsible for hacks targeting private and public networks in Australia, according to the federal government.
The Australian Signals Directorate (ASD) said today it had worked with its partner agencies from the Five Eyes group – Britain, the US, New Zealand and Canada – to track the group APT40, which is backed by the Chinese Ministry of State Security.
The hacks against Australian networks, both government and private, date back years and are ongoing, the ASD says.
“APT40 is actively conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets.
“The group uses compromised devices, including small-office/home-office (SOHO) devices, to launch attacks that blend in with legitimate traffic, challenging network defenders.
“APT40 continues to find success exploiting vulnerabilities in end-of-life or no longer maintained devices on networks of interest and systems that are poorly maintained and unpatched.”
The federal government hasn’t named victims but says in one example, APT40 stole several hundred unique usernames and passwords from an Australian entity back in April 2022.
