Cybersecurity firms backed by the Chinese authorities have been accused of stealing passwords and usernames from unnamed Australian networks in 2022, the Australian Cyber Security Centre (ACSC) reported on Tuesday.
The investigation against the CCP-backed hacker group titled APT40 involved Australian Cyber Security Centre, the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), the Republic of Korea's National Intelligence Service (NIIS) and NIS' National Cyber Security Center, and Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA), calling them authoring agencies.
The ACSA claimed that APT40 had conducted several cyber security operations for the PRC Ministry of State Security (MSS).
ACSA also claimed that "The activity and techniques overlap with the groups tracked as Advanced Persistent Threat (APT) 40" quoting the inputs from leading cyber security agencies from the US, Britain, Canada, New Zealand, Japan, South Korea and Germany.
According to the Activity summary section of the report by ACSA APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing.
The tradecraft described in this advisory is regularly observed against Australian networks. Additionally, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.
APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies' countries, looking for opportunities to compromise its targets.
The same report also claimed that the Hacker group also prefers to exploit vulnerable, public-facing infrastructure, using techniques that require user interaction, it puts high priority on obtaining valid credentials to enable a range of follow-on activities using web shells.
The investigative report of the ACSC claimed that in August 2022, a confirmed malicious IP address believed to be connected with the cyber group had interacted with the organisation's computer networks between at least July and August. The compromised device probably belonged to a small business or home user.
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
Featured Video Of The Day
Suspense Continues Over Vinesh's Medal Verdict, New Deadline Is...
Neeraj Chopra vs Arshad Nadeem Javelin Series? Ex-Pakistan Star Says It'll Be Bigger Than... Huawei’s Upcoming Tri-Fold Smartphone Tipped to Carry a Hefty Price Tag at Launch Former Australia Captain Demands Demolition Of India's Historic Win Venue, Reason Is This 2 French Rafale Jets Collide Mid-Air, Instructor, Pilot Missing Tear Gas Fired After Kolkata Protest Against Doctor's Rape-Murder Turns Violent 150 mg Semen In Kolkata Doctor's Body, Suspect Gang-Rape: Parents To Court UGC NET 2024 City Intimation Slips Out For August 28-September 4 Exams Sri Lanka Has 39 Presidential Candidates This Time, But No Woman Among Them Trump Reveals Why He Sounded Like He Had A Lisp During Musk Interview Track Latest News Live on NDTV.com and get news updates from India and around the world.