Australia Accuses China-Linked Hackers of Targeting Government Networks

The Australian government along with cybersecurity agencies from the United States, Canada, the United Kingdom, Germany, South Korea, and Japan, accused the cyber group Advanced Persistent Threat (APT) 40 backed by the Chinese government of targeting organizations in multiple countries and published an advisory on Monday.

The document, titled People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action, provides more details on how the threat group—also known as Kryptonite Panda, Bronze Mohawk, GINGHAM TYPHOON, and Leviathan in the industry— operates and provides cases of study.

“The PRC state-sponsored cyber group has previously targeted organizations in various countries, including Australia and the United States, and the techniques highlighted below are regularly used by other PRC state-sponsored actors globally,” states the advisory. “Therefore, the authoring agencies believe the group, and similar techniques remain a threat to their countries’ networks as well.”

APT 40 has been reported to be located in Hainan Province, Haikou, and PRC, and receiving orders from Chinese government security agencies like the Hainan State Security Department and the Ministry of State Security (MSS). The threat group can quickly “transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilize them against target networks possessing the infrastructure of the associated vulnerability.”

The Australian government has informed that Australian networks—including networks in the private and government sectors—have been repeatedly attacked and represent an ongoing threat to them and to multiple countries across the globe.

Other agencies, including the United States National Security Agency (NSA), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND), and the Canadian Centre for Cyber Security (CCCS) participated in the research.

The Chinese government has also been accused of spying on U.S. citizens through the social media app TikTok and is currently in a legal battle against the U.S. government.