#APT40

2025-10-14

ACSC’s latest report shows an 11% rise in incidents and a sharp increase in cybercrime costs.

APT40 and BianLian remain key threats to Australian critical sectors.

Full story: technadu.com/australian-cyber-

#CyberSecurity #APT40 #Australia #ACSC #ThreatIntelligence #TechNadu

Australian Cyber Threat Report: 11% Increase in Incident Rate, State-Sponsored Actors Continue to Be a Threat
CyberProMagazine cyberpromagazine24
2024-07-17

✔Global Cybersecurity Agencies Issue Joint Advisory on APT40 Cyber Espionage Threat
Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have issued a joint advisory highlighting the persistent threat posed by APT40 Cyber Espionage, for more information read
For More Information
📕Read- cybrpro.com/apt40-cyber-espion
and get insights

CyberEd :verified: ebcovert3@infosec.exchange
2024-07-10

Here is a cautionary notice from the #ASD regarding #APT40 / PRC MSS operations. It provides valuable insights into the tactics, techniques, and procedures of the threat actor. It is a fascinating document that sheds light on the activities of APT40/PRC MSS. #Threatactor #ttp #advisory > Cyber.gov.au cyber.gov.au/about-us/view-all

2024-07-09

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
#APT40
cisa.gov/news-events/cybersecu

2024-07-09

Chinese state-backed threat group #APT40 called out for hacking campaigns which use small-office and home-office devices as a launching pad for attacks

"The NCSC has issued an advisory alongside partners in Australia, the US, Canada, New Zealand, Germany, the Republic of Korea and Japan, focusing on how one China state-sponsored cyber actor has carried out attacks against Australian networks.

"The threat group APT40 has embraced the trend of exploiting vulnerable small-office and home-office (SoHo) devices as a launching pad for attacks. These devices are softer targets when they are not running the latest software, or are no longer supported with security updates, and they more easily conceal malicious traffic." #infosec

ncsc.gov.uk/news/ncsc-and-part

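"#China's #APT40 gang is ready to attack within hours to days of a #vulnerability being published.": The Register

"It describes APT40 as a '#StateSponsoredCyberGroup', with the People's Republic of China (PRC) as its sponsor. The agencies that authored the advisory (Australia, the US, Canada, New Zealand, Japan, South Korea, the UK and Germany) believe that APT40 'conducts #malicious #CyberOperations for the #PRCMinistryOfStateSecurity (#MSS)'."

It is unacceptable that the Chinese government is trying to compromise other countries.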

theregister.com/2024/07/09/apt

#prattohome #TheRegister

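"#PeoplesRepublicOfChina (#PRC) #MinistryOfStateSecurity #APT40 #Tradecraft in Action": CISA

"Outlines a People's Republic of China (PRC) state-sponsored cyber group and the current threat they pose to Australian networks."

It's a fairly long report.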

cisa.gov/news-events/cybersecu

#prattohome #CISA

☮ ♥ ♬ 🧑‍💻 peterrenshaw@ioc.exchange
2024-07-09

“More on the claims Chinese #hackers have targeted Australia: The foreign minister, Penny Wong, said the attribution of the malicious activity was an example of Australia seeking to “engage with China without compromising on what is important for #Australia and to Australians”.

The group, sponsored by the Chinese government, has targeted Australian government and private sector networks, the federal government claims.

A highly technical report, released today by Australian Signals Directorate, includes two case studies of alleged #APT40 activity. Both cases are anonymised, so no specific information about the targets are shared, but one claims that the group stole hundreds of user names and passwords from an ‘Australian entity’ in April 2022.

The report states that #ASD “could not determine the full extent of the activity” but believes several hundred passwords were stolen, and the Chinese group was able to gain access to the entity’s systems so that hackers could have posed as legitimate users (including administrators) to gain further access or potentially compromise systems.

The report says: “The authoring agencies assess that this group conduct malicious #cyber operations for the #PRC Ministry of State Security.””

<theguardian.com/australia-news>

Chuck Darwin cdarwin@c.im
2024-03-29

Western governments struggle to coordinate response to Chinese hacking

#Chinese #hacking attempts are not isolated events. Rather, they constitute the #ecosystem in which all western governments must navigate their relationships with Beijing.

In a report published on 27 March, Google said China “continues to lead the way for government-backed exploitation”.
#APT31 alone has been linked to hacks in France, Finland and of Microsoft, while New Zealand said this week that another well-known Chinese hacking outfit, #APT40, attacked its parliament in 2021 (the Chinese embassy in New Zealand denied the allegations).

A recent leak of data from the Chinese cybersecurity firm #iSoon revealed the extent to which China’s hackers for hire compete for government contracts,
sometimes hoovering up data from foreign agencies "on spec" with the hope of selling it to the highest bidder.
In the case of APT31, the US Department of Justice alleges that the hacking operation was💥 directly run by a provincial department of China’s ministry of state security.💥
But in general, said Mei #Danowski, a China cybersecurity expert and author of the "Natto Thoughts" newsletter,
🔸nearly every cybersecurity firm in China 🔸would have some sort of contract with government clients.
With a cybersecurity industry worth an estimated $13bn, that is a lot of potential hackers.

That leaves western governments struggling to coordinate an effective response to hacks or hacking attempts.
In many cases, the Chinese government has #plausible #deniability about responsibility, and it is not always clear what the impact of data breaches are.
Audrye #Wong, an assistant professor at the University of Southern California, said that while #Russian-based hacks often “sow discord and chaos”, #China was “more cautious” and “still very much cares about shaping perceptions of China and the Chinese Communist party”.

Many western international security experts refer to the maxim that while Russia may be the storm, China is climate change.

theguardian.com/world/2024/mar

2024-03-26

New Zealand shares their own Chinese #cyberespionage problems: “The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC state-sponsored group known as APT40" 🔗 beehive.govt.nz/release/parlia

APT40—aka BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper is a Chinese Advanced Persistent Threat (APT) group associated with China’s MSS Hainan State Security Department. On July 19, 2021, the U.S. Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation (CNE) activities via front company Hainan Xiandun Technology Development Company (Hainan Xiandun).

#China #news #newzealand #APT40

2021-07-22

July 19, 2021

Compromise & exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and #networks worldwide, including in the member states and EU institutions.

Activities can be linked to the hacker groups known as #APT40 & #APT31 and have been conducted from the territory of China for the purpose of intellectual property theft and espionage.

The #US has long been concerned about the People's Republic of China's (PRC) irresponsible & destabilizing behavior in cyberspace.

An unprecedented group of allies and partners - including the European Union, the #UK, and #NATO - are joining the U.S in exposing and criticizing the PRC's malicious cyber activities.

The PRC's pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world. Today, countries around the world are making it clear that concerns regarding the PRC's malicious cyber activities is bringing them together to call out those activities, promote #network defense and #cybersecurity, and act to disrupt #threats to our #economies and #national #security.

Attributing with a high degree of confidence that malicious cyber actors affiliated with PRC's Ministry of State Security (MSS) conducted #cyber #espionage operations utilizing the zero-day vulnerabilities in #Microsoft #Exchange #Server disclosed in early March 2021.

We are aware that PRC government-affiliated cyber operators have conducted #ransomware operations against private #companies that have included ransom demands of millions of dollars. The PRC's unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.

#usa #europe #otan

consilium.europa.eu/en/press/p

whitehouse.gov/briefing-room/s

gov.uk/government/news/uk-and-

heise online (inoffiziell) heiseonline@squeet.me
2021-07-19

The US, the EU and others consider it proven that China is responsible for the targeted attacks on Microsoft Exchange Server.

US, EU and allies accuse China of attacks on Microsoft Exchange Server

2020-09-25

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks - An APT group has started heavily relying on cloud services like Azure Active Directory and OneDriv... threatpost.com/microsoft-azure #chinesestatesponsoredhacker #powershellempiretoolkit #azureactivedirectory #spearphishingattack #covid-19pandemic #cloudsecurity #websecurity #cloudattack #gadolinium #opensource #powershell #microsoft #onedrive #github #hacker #hacks #apt40 #azure
