Date: 2024-07-09

The Australian Signals Directorate has uncovered a China-backed hacking group that stole hundreds of usernames and passwords from an Australian entity in April 2022.
The Australian government has blamed the attack on APT40, a Chinese state-sponsored group.
The investigation was led by Australia, and was conducted in collaboration with the Five Eyes partners - New Zealand, Canada, the US and UK - along with Germany, Japan and Korea.
It's the first time Australia has taken the lead on a cyber advisory and the first time Japan and Korea have joined the nation in attribution.
Home Affairs Minister Clare O'Neil said cyber attacks were one of the "most significant" threats facing Australia.
Defence Minister Richard Marles said naming the source of the attacks would dissuade future breaches.
"In our current strategic circumstances, these attributions are increasingly important tools in deterring malicious cyber activity," he said.
In a detailed report on the breach, the Australian Cyber Security Centre outlines that the hack exploited public vulnerabilities in widely used software, including Microsoft Exchange.
The group was able to access Australian systems through small office and home office devices, with the most vulnerable being those at the end of their life or not patched with more recent updates.
The report includes two case studies, outlining how APT40 surpassed security systems. These began as early as April 2022.
The release of the information comes the day after a sweeping directive was issued by Home Affairs, which required all Australian Government entities to audit their internet-facing systems to identify risks and cyber threats.
Cyber security expert Sarah Sloan, of Palo Alto Networks, said naming the threat and who was behind it would assist in preventing future attacks.
"It's a really important step in banding together and uniting certain countries and calling out these behaviours and that they're not acceptable," she said.
Opposition immigration and citizenship spokesman Dan Tehan welcomed the government releasing the details of the cyber attacks.
"We now call on China to stop these activities," he said.
"It is bad faith, it is not the way that a good international citizen should act. We welcome the government calling it out but we have to make sure that we're doing everything that we can to remain vigilant."
