Get your free copy of Editor’s Digest
FT editor Roula Khalaf picks her favourite stories in this weekly newsletter.
Australia, backed by allies including the United States, Britain and Japan, has accused a Chinese government-backed cyber hacking group of targeting the country’s government and private sector networks.
Tuesday’s statement was backed by security and intelligence agencies from Five Eyes member states the United States, Britain, Canada, New Zealand, Germany, Japan and South Korea, and noted a “shared understanding” of Chinese “state-sponsored cyber groups and the current threat to Australian networks”.
The intelligence agency said the group was conducting “malicious cyber operations” on behalf of China’s Ministry of State Security, adding that its activities and methods overlapped with groups previously identified as “Advanced Persistent Threat 40.”
Western intelligence agencies have previously accused APT 40, allegedly based in the southern Chinese province of Hainan, of infiltrating government agencies, companies and universities in the United States, Canada, Europe and the Middle East at the behest of the province.
“APT40 has repeatedly targeted Australian networks, as well as government and private sector networks in the region, and poses an ongoing threat to our networks,” the advisory said.
The Australian Communications Department’s naming of APT 40 is unprecedented for an Australian agency and comes less than a month after Chinese Premier Li Qiang visited the country as part of recent efforts to rebuild trade ties.
The report marks the latest effort by Western governments to crack down on Chinese cybersecurity threats and raise public awareness of the risks of Chinese hacking and espionage.
In March, the United States and Britain launched a campaign against APT31, a hacking group also run by Chinese intelligence services, which had targeted British parliamentary accounts, critics of the Chinese government, and British election monitoring groups.
Last year, FBI Director Christopher Wray and his Five Eyes counterparts held their first joint public event in Silicon Valley, warning of the risk of an “unprecedented threat” from Chinese espionage to disruptive technology sectors, from quantum computing to artificial intelligence.
The Five Eyes warned last month that China’s People’s Liberation Army was “actively recruiting” Western fighter pilots to help train Chinese pilots, while Britain and other European countries have in recent months increasingly accused Chinese agents of infiltrating Western political systems.
Australian Foreign Minister Penny Wong said it was in the national interest to make the allegations against APT 40 public, despite recent efforts to repair ties with Beijing. “We have always said we will engage with China without compromising on what is important to Australia and Australians,” she said in a statement.
The ASD, which is responsible for cyber defense in the Pacific, highlighted two historic intrusions by APT40, shedding light on the activities of the hacking group.
The agency said APT40 did not target users with “phishing” tactics, but rather exploited vulnerabilities in software developed by companies including Microsoft and Atlassian to infiltrate networks, including home devices, and established a base inside at least one network where it stole data and hundreds of passwords.
The ASD said the hacking group regularly conducts reconnaissance operations on target networks to “identify vulnerable, end-of-life or out-of-maintenance devices”, with its first successes as early as 2017.
Australia is increasing investment in cyber security from 2022 onwards as part of a wider review of its defence spending and strategy.
This month, the Australian government signed a $1.3 billion contract with Amazon to build a defence cloud network that will improve the country’s ability to share information with allies around the world.
