In a concerted effort to address increasing cybersecurity threats, the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) have partnered with cybersecurity authorities from the U.S., Canada, and New Zealand. They are alerting local technology experts about potential threats linked to China, including a group known as Salt Typhoon, which has allegedly infiltrated vital communications infrastructure. This warning follows the ASD’s recent Annual Cyber Threat Report for 2023-2024, which highlighted ongoing cyber threats from state-sponsored actors targeting Australian government entities, critical infrastructure, and businesses with increasingly sophisticated tactics.
Salt Typhoon, identified as a China-affiliated cyber threat actor, has been implicated in compromising networks of multiple U.S. telecommunications firms as part of a significant cyber espionage campaign. While Australian agencies have not confirmed any breaches within their telecommunications sector by Salt Typhoon, cybersecurity experts like Grant Walsh from CyberCX suggest that the threat is credible. Walsh points out that despite strong cyber defenses in Australian telco networks, the global threat landscape is worsening, with state-backed cyber espionage groups, particularly those from China, targeting these networks.
The ASD has been proactive in issuing joint advisories with international partners, underscoring evolving threats from state-sponsored cyber actors, primarily those linked to China. In a recent advisory released in collaboration with the U.S., it was assessed that China-sponsored actors aim to position themselves within information and communications networks for potential disruptive cyberattacks against U.S. critical infrastructure. The ASD warns that Australian critical infrastructure could face similar vulnerabilities, with these actors conducting operations to fulfill state objectives, including espionage and coercion.
State-sponsored cyber actors like Salt Typhoon are categorized as “advanced persistent threat actors” who prioritize gaining access to critical infrastructure for espionage or destructive purposes rather than immediate financial gain. According to Walsh, these actors employ covert methods, such as using built-in network administration tools and blending in with normal network activity, which makes them challenging to detect. They also exploit supply chains and cloud systems, using techniques such as brute-force attacks to access privileged accounts, and so pose a substantial threat to national security.
To mitigate these threats, the ASD emphasizes the importance of comprehensive cybersecurity strategies, including cyber supply chain risk management. Companies are advised to protect themselves by keeping software updated, implementing robust endpoint security solutions, and developing incident response plans. These preventive measures are crucial in defending against the sophisticated techniques employed by state-sponsored cyber actors who leverage previously stolen data to infiltrate network devices and conduct their operations.