Australian IT Professionals Advised to Protect Against Chinese Cybersecurity Threats

Australian Cybersecurity Agencies Warn of Chinese Threat Actors Targeting Critical Infrastructure

In a significant development for cybersecurity in Australia, the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) have issued a stark warning to local technology professionals. They are urging vigilance against threat actors affiliated with China, particularly a group known as Salt Typhoon, which has been infiltrating critical communications infrastructure. This advisory aligns with similar warnings from cybersecurity institutions in the U.S., Canada, and New Zealand, highlighting a growing concern over state-sponsored cyber threats.

This alert follows the release of the ASD’s Annual Cyber Threat Report 2023-2024, which detailed persistent targeting of Australian governments, critical infrastructure, and businesses by state-sponsored cyber actors. The report emphasized the evolving tactics employed by these groups, indicating a sophisticated and ongoing threat landscape.

Understanding Salt Typhoon

Salt Typhoon has emerged as a notable threat actor, recently identified by U.S. cybersecurity agencies as having compromised the networks of at least eight telecommunications providers in the United States. This infiltration is part of a broader cyber espionage campaign that is not confined to U.S. borders. While Australian agencies have not confirmed any direct attacks on local telecommunications companies, experts like Grant Walsh from CyberCX suggest that the detailed guidance issued by the ACSC indicates a real and present danger.

Walsh noted that while Australian telco networks have robust cybersecurity measures, the global threat landscape is deteriorating. Telecommunications networks are particularly attractive targets for state-sponsored espionage groups, especially those linked to China, due to their critical role in national infrastructure.

A Broader State-Sponsored Threat Landscape

The ASD has been proactive in addressing the evolving operations of state-sponsored cyber actors, particularly those associated with China. In a joint advisory released in February 2024, the ASD and its international partners assessed that these actors are positioning themselves within information and communications technology networks to facilitate disruptive cyberattacks against critical infrastructure, particularly in times of crisis.

The ASD’s report highlighted that Australian critical infrastructure could be vulnerable to similar malicious activities observed in the U.S. The agency emphasized that these cyber operations are often driven by state goals, including espionage, influence, interference, and pre-positioning for potential disruptive attacks.

Techniques Employed by State-Sponsored Attackers

Salt Typhoon and similar threat actors are classified as "advanced persistent threats" (APTs). Unlike financially motivated cybercriminals, these groups focus on gaining access to sensitive components of critical infrastructure for espionage or destructive purposes. Their operations are characterized by stealth and persistence, often remaining undetected for extended periods.

Supply Chain Compromises

One of the primary techniques used by state-sponsored actors is compromising supply chains. This approach allows them to gain access to target networks indirectly. The ASD emphasizes that effective cyber supply chain risk management should be integral to an organization’s cybersecurity strategy.

Living Off the Land Techniques

State-sponsored attackers often employ "living off the land" techniques, utilizing built-in network administration tools to achieve their objectives while blending in with normal system activities. This makes their operations difficult to detect, as they can remain hidden within the network for long durations.

Exploiting Cloud Systems

As organizations increasingly migrate to cloud-based infrastructures, threat actors have adapted their techniques to exploit vulnerabilities in these systems. The ASD warns that methods such as brute-force attacks and password spraying are commonly used to access privileged service accounts within cloud environments.
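
The sketch below shows how the two credential attacks named above differ in sign-in logs, from the defender's side. It is an added example, not part of the ASD guidance or the original article; the event format, account names, thresholds and the `classify_sources` function are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sign-in events (source IP, account, outcome); not real log data.
# All addresses come from the reserved documentation ranges.
EVENTS = (
    [("203.0.113.7", acct, "fail")
     for acct in ("svc-backup", "svc-deploy", "svc-monitor", "svc-sync")]
    + [("203.0.113.7", "svc-report", "success")]
    + [("198.51.100.9", "svc-admin", "fail")] * 6
    + [("192.0.2.44", "alice", "fail"), ("192.0.2.44", "alice", "success")]
)


def classify_sources(events, spray_accounts=4, brute_attempts=5):
    """Label each source by the shape of its failed sign-ins.

    Spraying: failures spread across many accounts, few tries per account.
    Brute force: many failures concentrated on a single account.
    Thresholds are illustrative assumptions, to be tuned per environment.
    """
    fails = defaultdict(lambda: defaultdict(int))  # source -> account -> failures
    wins = defaultdict(set)                        # source -> accounts signed in
    for src, account, outcome in events:
        if outcome == "fail":
            fails[src][account] += 1
        else:
            wins[src].add(account)

    findings = {}
    for src, per_account in fails.items():
        worst = max(per_account.values())
        if len(per_account) >= spray_accounts and worst < brute_attempts:
            pattern = "password_spray"
        elif worst >= brute_attempts:
            pattern = "brute_force"
        else:
            continue  # a mistyped password, not an attack pattern
        findings[src] = {
            "pattern": pattern,
            "accounts_targeted": len(per_account),
            # A success from a flagged source is the event to triage first.
            "possible_compromise": sorted(wins[src]),
        }
    return findings
```

Counting per source address misses spraying that is spread across many addresses or paced slowly, so the same grouping is worth repeating per password-attempt window and per target account.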

Defending Against Cyber Threats

Despite the sophisticated tactics employed by state-sponsored actors, organizations can take proactive steps to defend against cyber threats. The ASD highlights that these actors often leverage previously stolen data, such as network information and credentials, to further their operations. Therefore, maintaining robust cybersecurity practices is essential.

To bolster defenses, organizations are encouraged to:

  • Keep Software Updated: Regularly updating software can mitigate vulnerabilities that threat actors may exploit.
  • Implement Endpoint Security Solutions: Protecting endpoints is crucial, as they often serve as entry points for cyberattacks.
  • Develop an Incident Response Plan: Having a well-defined incident response plan can help organizations respond effectively to cyber incidents.

Conclusion

The warnings from the Australian Signals Directorate and the Australian Cyber Security Centre underscore the urgent need for vigilance among technology professionals in Australia. As state-sponsored cyber threats continue to evolve, particularly from actors like Salt Typhoon, it is imperative for organizations to enhance their cybersecurity measures and remain informed about the tactics employed by these sophisticated adversaries. By adopting a proactive approach to cybersecurity, businesses can better protect themselves against the growing threat landscape and safeguard their critical infrastructure.
