July 9, 2024 at 07:21AM
The US, UK, Canada, Germany, Japan, New Zealand, and South Korea support Australia’s accusation of Chinese state-sponsored hacking into government networks. APT40, also known as Bronze Mohawk, is highlighted for targeting Australian and regional networks with advanced tradecraft, exploiting vulnerabilities in widely used software and leveraging tactics shared by other Chinese state-sponsored actors. Organizations are advised to enhance security measures.
The meeting notes discuss the involvement of the US, UK, Canada, Germany, Japan, New Zealand, and South Korea backing Australia in attributing cyberattacks on government networks to Chinese state-sponsored threat actors. The APT40 group, also known as Bronze Mohawk, Gingham Typhoon, Kryptonite Panda, and Leviathan, has been identified as a persistent threat to various networks, including those in Australia and the surrounding region.
APT40’s tactics include conducting reconnaissance operations, targeting vulnerable devices, rapidly adopting exploits for newly disclosed vulnerabilities, and using proof-of-concept (PoC) exploits for new high-profile vulnerabilities shortly after their public release. The group prefers exploiting vulnerable, internet-facing infrastructure for initial access, and has been observed exfiltrating credentials and compromising legacy small-office/home-office (SOHO) devices so that its traffic blends in with legitimate network traffic.
The advisory emphasizes the need for organizations to implement comprehensive logging capabilities, promptly patch internet-accessible appliances, implement network segmentation, disable unused services, ports, and protocols, implement multi-factor authentication, and replace legacy equipment to mitigate the risk of similar attacks. Additionally, according to the US cybersecurity agency CISA, all organizations and software manufacturers are advised to review the advisory to identify, prevent, and remediate APT40 intrusions, and software vendors are urged to incorporate Secure by Design principles into their practices.
Lastly, the notes highlight related incidents and emphasize the need for a comprehensive approach to address the actions and techniques of threat actors, including urging software vendors to strengthen the security posture of their products.