Cyber crime

Unveiling APT40: China-backed cyber espionage strikes Australia

Catherine Chipeta
3 Min

In the realm of cybersecurity, a concerning threat has emerged targeting Australian organisations: APT40, a cyber-espionage group allegedly linked to the Chinese government. This revelation, detailed in a joint advisory by Australia and its international allies, has raised significant concerns within the Australian community.

Here’s a breakdown of the advisory.

What is APT40?

APT40, also known as Advanced Persistent Threat 40, operates under China’s Ministry of State Security. They’re known for their sophisticated methods and have been previously identified under aliases like Kryptonite Panda and Leviathan. Their tactics involve exploiting outdated systems and compromised devices to hide their activities.

APT40: targets and tactics

APT40 has focused its recent attacks on Australian government and private sector networks. Their approach involves meticulously mapping out networks and stealing sensitive information, such as usernames and passwords.

The advisory outlined two attacks on Australia:

  • Between July and September 2022, APT40 compromised an organisation’s network, mapped it out, and accessed sensitive data.
  • In April 2022, APT40 allegedly stole hundreds of usernames and passwords from an Australian entity.

The group has also previously been accused of targeting organisations in the US and UK.

Taking down APT40: a global investigation

Attributing these attacks to APT40 marks a significant moment in international cybersecurity cooperation. Led by the Australian Signals Directorate, the investigation was a joint effort supported by agencies from the US, UK, Canada, New Zealand, Germany, Japan, and South Korea.

This is the first time an Australian agency has led a cyber advisory, with Japanese and South Korean agencies joining as co-authors for the first time. According to Defence Minister Richard Marles, credit for identifying APT40 was given to the Australian Signals Directorate.

“In our current strategic situation, these attributions are increasingly important tools to deter malicious cyber activity,” said Minister Marles.

Foreign Minister Penny Wong assured Australia’s commitment to engaging with China while protecting national security and interests. Home Affairs Minister Clare O’Neil urged Australians to read the advisory and follow detection and mitigation recommendations.

“Cyber intrusions from foreign governments are among the biggest threats we face,” Minister O’Neil said, highlighting ongoing efforts by intelligence agencies to find and stop such actors.

Implications for finance leaders

For finance leaders and AP managers, understanding APT40’s tactics is crucial. Implementing strong cybersecurity measures, like the Essential Eight strategies recommended by the Australian Signals Directorate, is essential to protect financial data and prevent breaches.

How to protect against cyber threats

Home Affairs Minister Clare O’Neil said all Australians should read the advisory and follow the detection and mitigation recommendations.

“Cyber intrusions from foreign governments are one of the most significant threats we face,” she said.

“Every day our intelligence agencies work tirelessly to identify and disrupt these actors.”

As cyber threats evolve, vigilance is key. The incidents involving APT40 underscore the persistent risks posed by state-sponsored cyber espionage. By staying informed and following best cybersecurity practices, finance leaders can enhance their organisations’ defences against such threats.

Has your data been exposed?
If your details have been caught up in a data breach, you – and your business – could be at higher risk of cybercrime or fraud. Use our free email checker to see if your details may be exposed.

Related articles

Cyber crime

A guide to cyberattack protection

On average, a cyberattack occurs every 10 minutes in Australia with small to medium enterprises (SMEs), education, healthcare and government the most …

Read more

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.