Australian IT Pros Urged to Guard Against Chinese Cybersecurity Threats

The Australian Signals Directorate and the Australian Cyber ​​Security Center have joined cyber security agencies in the United States, Canada and New Zealand to warn local technology professionals: Beware of China-Linked Threat Actorsincluding Salt Typhoon, penetrated their critical communications infrastructure.

The news comes weeks after a release from the Australian Signals Directorate. 2023-2024 Cyber ​​Threat Reportthe agency warned that state-sponsored cyber actors have been targeting the Australian government, critical infrastructure, and businesses that used evolving spying technologies during the most recent reporting period.

What is a salt typhoon?

recent, US reveals threat actor linked to ChinaTyphoon Salt disrupted the networks of at least eight U.S. telecommunications carriers as part of a “widespread and significant cyber espionage campaign.” But the event isn’t limited to U.S. shores.

Australian agencies have not yet confirmed whether Typhoon Yan has affected Australian telecommunications companies. However, Grant Walsh, head of telecommunications at local cybersecurity company CyberCX, said: Wrote “It is unlikely that ACSC and partner agencies would have issued such detailed guidance if the threat had not been real.”

“Telecom Networks has invested in some of Australia’s most sophisticated cyber defense systems. But the global threat landscape is worsening,” he wrote. “Telecommunications networks are a prime target for persistent and capable state cyber espionage groups, particularly those linked to China.”

look: Why Australian cyber security experts should worry about state-sponsored cyber attacks

Typhoon Salt: Part of a wider problem of state-sponsored threats

Over the past year, ASD has issued several joint advisories with international partners to highlight the changing operations of state-backed cyber actors, particularly those backed by China.

In February 2024, ASD, together with the United States and other international partners, Issue advisory. The report assesses that China-sponsored cyber actors are seeking to gain a foothold in information and communications technology networks to launch destructive cyber attacks on U.S. critical infrastructure in the event of a major crisis.

ASD notes that Australia’s critical infrastructure networks may be vulnerable to state-sponsored malicious cyber activity similar to that in the United States

“These actors conduct cyber operations to achieve national objectives, including espionage, exerting malign influence, disruption and coercion, and seeking to pre-position networks to conduct destructive cyber attacks,” ASD wrote in the report.

look: Australia passes groundbreaking cyber security law

The ASD said in its annual cyber report that China’s selection of targets and patterns of behavior were consistent with pre-targeting of disruptive impact rather than traditional cyber espionage. However, it said state-sponsored cyber actors also had information collection and espionage targets in Australia.

“State actors have an enduring interest in acquiring sensitive information, intellectual property and personally identifiable information to gain strategic and tactical advantage,” the report said. “Australian organizations typically hold large amounts of data and are therefore likely to be targeted by this type of activity.”

Common techniques used by state-sponsored attackers

Walsh said China-sponsored actors like Salt Typhoon are “advanced persistent threat actors.” Unlike ransomware groups, they do not seek immediate financial gain but “want to access sensitive core components of critical infrastructure, such as telecommunications, for espionage or even destructive purposes.”

“Their attacks are not designed to target systems and make a quick profit,” said Walsh. “Instead, these are covert, state-sponsored cyber espionage operations that use difficult-to-detect techniques to gain access to critical infrastructure and potentially remain there for millions of people.” years. They are waiting to steal sensitive data and even damage or destroy assets in the event of a future conflict with Australia.

ASD has warned defenders about common techniques utilized by these state-sponsored threat actors.

Supply chain compromise

this Supply chain compromises can serve as gateways to targeted networksAccording to ASD. The agency noted that “cyber supply chain risk management should be an important component of an organization’s overall cybersecurity strategy.”

Techniques for making a living off the land

ASD said one of the reasons why state-sponsored actors are so difficult to detect is that they use “built-in network management tools to achieve their goals and evade detection by blending into normal system and network activity.” These so-called “live off the land” techniques involve waiting to steal information from an organization’s network.

Cloud technology

As organizations move to cloud-based infrastructure, state-sponsored threat actors adapt their techniques to exploit cloud systems for espionage. ASD said techniques used to access organizations’ cloud services include “brute force attacks and password spraying to access high-privilege service accounts.”

look: How artificial intelligence is changing the cloud security equation

How to protect against online threats

There are some similarities between threat actors’ techniques and the weaknesses in the systems they exploit. ASD said state-sponsored cyber actors often use previously stolen data, such as cyber information and credentials from previous cybersecurity incidents, to further their operations and repurpose cyber equipment.

Fortunately, companies can protect themselves from cyberattacks. Earlier this year, TechRepublic’s roundup of expert advice About how businesses can protect against the most common cyber threats, including zero-day, ransomware and deepfakes. These recommendations include keeping software up to date, implementing endpoint security solutions and developing an incident response plan.