Australia accuses China-backed APT40 of cyberattacks on national networks
China’s embassy in Australia dismissed the allegations as ‘political manoeuvring’.
Australia’s government cybersecurity agency has pointed fingers at a China-backed hacker group, APT40, for pilfering passwords and usernames from two undisclosed Australian networks back in 2022. The Australian Cyber Security Centre, in collaboration with leading cybersecurity agencies from the US, Britain, Canada, New Zealand, Japan, South Korea, and Germany, released a joint report attributing these malicious cyber operations to China’s Ministry of State Security, the primary agency overseeing foreign intelligence. Despite these claims, China’s embassy in Australia refrained from immediate comments on the matter, dismissing the hacking allegations as ‘political manoeuvring’.
The accusations against APT40 come in the wake of previous allegations by US and British officials in March, implicating Beijing in a large-scale cyberespionage campaign that targeted a wide range of individuals and entities, including lawmakers, academics, journalists, and defence contractors. Moreover, New Zealand also reported on APT40’s targeting of its parliamentary services and parliamentary counsel office in 2021, which resulted in unauthorised access to critical information.
In response to these cyber threats, Defence Minister Richard Marles emphasised the commitment of the Australian government to safeguard its organisations and citizens in the cyber sphere. The attribution of cyber attacks marks a significant step for Australia, signalling its proactive stance in addressing cybersecurity challenges. The timing of this report is noteworthy as Australia and China are in the process of repairing strained relations following tensions that peaked in 2020 over the origins of COVID-19, leading to retaliatory tariffs imposed by Beijing on Australian exports, most of which have now been lifted.
The identification of APT40’s cyber activities stresses the persistent threat posed by state-sponsored hacker groups and the critical importance of robust cybersecurity measures to protect sensitive information and national security. The incident serves as a reminder of the importance of joint attribution networks and international cooperation in combating cyber threats.