The Australian Signals Directorate (ASD) published an advisory on Tuesday warning of a Chinese state-sponsored hacking group using small office/home office devices as a launchpad for further cyber attacks.

The advisory includes case studies of techniques used against two victim networks in Australia by the hacking group tracked by cyber security researchers as APT40, Kryptonite Panda, Gingham Typhoon and Bronze Mohawk.

The new advisory is co-authored by cyber authorities in Australia’s fellow Five Eyes states, as well as Germany, Korea and Japan. It follows a warning earlier this year from the director of Britain’s cyber and intelligence agency GCHQ about the “real and growing cyber threat” posed by China.

Small-office/home-office (SOHO) devices include Internet routers and other connected hardware.

APT40 was assessed in July 2021 by GCHQ to conduct malicious cyber operations for China’s Ministry of State Security (MSS), the Communist Party’s secret police and intelligence agency.

The logo of the MSS, unlike those of other Chinese ministries, is not the five stars of the flag of the People’s Republic of China, but the hammer and sickle of the Chinese Communist Party. The ministry has been accused of engaging in international repression, targeting Chinese nationals around the world by threatening relatives living in China.

Although the total headcount of the MSS is not publicly known, it is believed to be the largest intelligence agency in the world, with an estimated 100,000 employees in one of its relatively autonomous branches located throughout China. There are a large number of residents.

In addition to targeting opponents, the group is accused of stealing intellectual property to benefit Chinese companies, as well as targeting political institutions to obtain strategic intelligence.

ASD warned that hackers working for the MSS are able to quickly adopt proof-of-concept exploits of new vulnerabilities “and immediately use them against target networks”, sometimes within a few days, or within hours, of public release.

Specifically, the group conducts regular espionage against networks of interest to help its hackers “identify vulnerable, end-of-life or unmaintainable devices on networks of interest, and rapidly deploy exploits.”

“APT40 has continued to have success exploiting vulnerabilities since early 2017,” the report said, adding that the group “appears to prefer exploiting vulnerable, public-facing infrastructure over techniques that require user interaction such as phishing campaigns.”

The ASD warned that hackers linked to MSS “have repeatedly targeted Australian networks, as well as public and private sector networks in the region, and continue to pose a threat to our networks.”
