In the realm of cybersecurity, a concerning threat has emerged targeting Australian organisations: APT40, a cyber-espionage group allegedly linked to the Chinese government. This revelation, detailed in a joint advisory by Australia and its international allies, has raised significant concerns within the Australian community.
Here’s a breakdown of the advisory.
APT40, also known as Advanced Persistent Threat 40, operates under China’s Ministry of State Security. They’re known for their sophisticated methods and have been previously identified under aliases like Kryptonite Panda and Leviathan. Their tactics involve exploiting outdated systems and compromised devices to hide their activities.
APT40 has focused its recent attacks on Australian government and private sector networks. Their approach involves meticulously mapping out networks and stealing sensitive information, such as usernames and passwords.
The advisory outlined two attacks on Australia:
The group has also previously been accused of targeting organisations in the US and UK.
Attributing these attacks to APT40 marks a significant moment in international cybersecurity cooperation. Led by the Australian Signals Directorate, the investigation was a joint effort supported by agencies from the US, UK, Canada, New Zealand, Germany, Japan, and South Korea.
This is the first time an Australian agency has led a cyber advisory, with Japanese and South Korean agencies joining as co-authors for the first time. According to Defence Minister Richard Marles, credit for identifying APT40 was given to the Australian Signals Directorate.
“In our current strategic situation, these attributions are increasingly important tools to deter malicious cyber activity,” said Minister Marles.
Foreign Minister Penny Wong assured Australia’s commitment to engaging with China while protecting national security and interests. Home Affairs Minister Clare O’Neil urged Australians to read the advisory and follow detection and mitigation recommendations.
“Cyber intrusions from foreign governments are among the biggest threats we face,” Minister O’Neil said, highlighting ongoing efforts by intelligence agencies to find and stop such actors.
For finance leaders and AP managers, understanding APT40’s tactics is crucial. Implementing strong cybersecurity measures, like the Essential Eight strategies recommended by the Australian Signals Directorate, is essential to protect financial data and prevent breaches.
Home Affairs Minister Clare O’Neil said all Australians should read the advisory and follow the detection and mitigation recommendations.
“Cyber intrusions from foreign governments are one of the most significant threats we face,” she said.
“Every day our intelligence agencies work tirelessly to identify and disrupt these actors.”
As cyber threats evolve, vigilance is key. The incidents involving APT40 underscore the persistent risks posed by state-sponsored cyber espionage. By staying informed and following best cybersecurity practices, finance leaders can enhance their organisations’ defences against such threats.
Nonprofits are prime BEC targets—see real attacks and what finance leaders must do to protect funds, data, and mission-critical operations.
Manufacturers are top targets for BEC scams. See 6 real cases that expose how attackers steal millions—and what finance teams must do to stay protected.
See how 5 real BEC scams stole millions from healthcare orgs—what finance leaders must know to stop attacks that target payments, data, and operations.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
