- Australia and Five Eyes partners identified the group
- Hundreds of usernames and passwords stolen
- READ MORE: Medibank hacker named
Australia and its allies have unmasked a Chinese government-backed hacking group that has targeted the public and private sectors.
The Australian government and Five Eyes partners New Zealand, Canada, the United States and the United Kingdom, along with Germany, Japan and Korea have identified state-run group APT40 as behind the attacks.
The group acted on behalf of China’s powerful Minister of State Security and has been accused of espionage and hacking, including against an Australian entity in April 2022, when hundreds of usernames and passwords were stolen.
“The threat they pose to our networks continues,” the Australian Signals Directorate (ASD) said in a joint notice on Tuesday.
The group targeted outdated networks and devices that are no longer maintained, the ASD said.
‘APT40 continues to be successful in exploiting vulnerabilities since 2017.’
The compromised software included versions of Log4, Atlassian Confluence and Microsoft Exchange, according to the advisory.
An Australian organization was compromised between July and September 2022, and APT40 was able to map the network and execute control.
Australia and its Five Eyes partners have identified state-run group APT40 as the perpetrator of the attacks (file image)
“The investigation uncovered evidence that large amounts of sensitive data and evidence had been accessed,” the notice said.
ASD has issued advice on how to detect intrusions on its website.
It is the first time Australia has taken the lead on cyber advice and the first time Japan and Korea have joined the country in the role.
Powers were an increasingly important tool to deter malicious cyber activity, Defence Minister Richard Marles said.
Home Secretary Clare O’Neil said cyber intrusions by foreign governments were “one of the most significant threats we face”.
