In an Australia-led report published on Tuesday morning, cybersecurity and intelligence agencies for the US, UK, Canada, New Zealand, Japan, South Korea and Germany said that APT40 had “repeatedly” targeted governments across the Indo-Pacific. The group was able to steal hundreds of unique usernames and passwords in one incident in April 2022, as well as intercepting multi-factor authentication codes, the report said.
“The authoring agencies assess that this group conducts malicious cyber operations for the PRC Ministry of State Security (MSS),” the report said, adding that APT40 more regularly exploited vulnerabilities in public-facing infrastructure rather than using techniques which required user interaction, such as phishing campaigns.
It is rare for Australia in particular to explicitly accuse the Chinese government of involvement in cyberattacks, particularly following the improvement of relations between Canberra and Beijing since the election of the centre-left Labour administration in May 2022. In June, China’s Premier Li Qiang became the first official of his seniority to visit Australia in more than seven years, a major milestone in the normalisation of diplomatic ties between the two countries.
Australia’s Home Affairs and Cybersecurity Minister Clare O’Neil said in a statement that cyber intrusions by foreign governments were “one of the most significant threats we face”.
“Every day our intelligence agencies work tirelessly to identify and disrupt these actors,” she said.
