Unmasked China-backed hacker group APT40 an 'ongoing threat' to Australian companies
Australia and its allies have unmasked a Chinese government-backed hacking group that has been targeting the public and private sectors in the country and overseas.
The Federal Government and Five Eyes partners — New Zealand, Canada, the US and the UK, along with Germany, Japan and Korea — have identified the hacking group APT40 as being behind the attacks.
The group was acting on behalf of China’s powerful Ministry of State Security and has been blamed for espionage and hacks, including against one Australian entity in April 2022 when hundreds of usernames and passwords were stolen.
“The threat they pose to our networks is ongoing,” the Australian Signals Directorate said in a joint advisory on Tuesday.
The group targeted outdated networks and devices that are no longer maintained, the ASD said.
“APT40 continues to find success exploiting vulnerabilities from as early as 2017.”
Compromised software included versions of Log4j, Atlassian Confluence and Microsoft Exchange, according to the advisory.
One Australian organisation was compromised between July and September 2022, with APT40 able to map the network and execute control.
“The investigation uncovered evidence of large amounts of sensitive data being accessed and evidence,” the advisory said.
ASD has issued advice about how to detect intrusions on its website.
It’s the first time Australia has taken the lead on a cyber advisory and the first time Japan and Korea have joined the nation in attribution.
It comes four months after New Zealand blamed APT40 for attacks on the Parliamentary Counsel Office and the Parliamentary Service.
The UK has also blamed the group for targeting members of parliament.
Defence Minister Richard Marles said attributions were an increasingly important tool in deterring malicious cyber activity.
“The Albanese Government is committed to defending Australian organisations and individuals in the cyber domain, which is why for the first time we are leading this type of cyber attribution,” Mr Marles said in a statement.
“This attribution is a product of the Australian Signals Directorate’s diligent work to uncover this malicious cyber activity and is a key part of ensuring Australians remain safe from cyberattacks.
“In our current strategic circumstances, these attributions are increasingly important tools in deterring malicious cyber activity.”
Home Affairs Minister Clare O’Neil said cyber intrusions from foreign governments are “one of the most significant threats we face”.
- With Wires.