Alert to Australian IT Professionals: Caution Against Cybersecurity Threats Originating from China
An advisory from the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) urges IT professionals in the country to remain vigilant against threat actors with ties to China, such as Salt Typhoon, that are targeting critical communication networks. The alert was issued in coordination with cybersecurity agencies from the U.S., Canada, and New Zealand.
In a recent development, the Annual Cyber Threat Report 2023-2024 by the Australian Signals Directorate highlighted the persistent targeting of Australian governments, crucial infrastructure, and businesses by state-sponsored cyber actors using evolving strategies.
Understanding Salt Typhoon
Recent revelations from the U.S. unveiled that Salt Typhoon, a threat actor linked to China, breached the networks of multiple American telecommunication providers as part of a substantial cyber espionage mission. The threat is not confined to U.S. territory.
While Australian agencies have not confirmed any breaches of local telcos by Salt Typhoon, Grant Walsh, telco industry lead at CyberCX, was skeptical that the lack of confirmation means the networks are untouched. He noted that the ACSC and its partner agencies would not issue such detailed guidance unless a real threat were present.
Walsh highlighted the escalating global threat landscape, noting that telecommunications networks are lucrative targets for sophisticated state-backed cyber espionage groups. He emphasized the heightened risk associated with these cyber threats.
Salt Typhoon: A Constituent of Broader State-Sponsored Cyber Threats
Over the past year, the ASD has collaborated on numerous advisories with global partners to highlight the evolving modus operandi of state-sponsored cyber actors, particularly those linked to China.
Additionally, the ASD along with international partners released an advisory in February 2024, outlining China-sponsored cyber actors’ intentions to position themselves on networks for potential disruptive cyber assaults on U.S. critical infrastructure in crisis scenarios.
The ASD underscored the susceptibility of Australian critical infrastructure to similar malicious cyber activities seen in the U.S.
Evidently, state actors continue to target Australian organizations to obtain sensitive data for strategic advantages, as emphasized in the ASD’s annual report.
Common Strategies Employed by State-Sponsored Intruders
According to Walsh, China-sponsored actors such as Salt Typhoon are sophisticated, persistent threat actors. Their motives differ from those of ransomware groups: rather than seeking quick financial gain, they aim to gain access to critical infrastructure for espionage or destructive ends.
These actors engage in covert, state-backed cyber espionage campaigns, meticulously penetrating critical infrastructure to facilitate future data theft or disruption in conflicts with Australia.
The ASD has alerted defenders about the conventional tactics employed by such state-sponsored threat actors.
Compromising Supply Chains
Supply chain breaches can serve as gateways for network infiltration, as outlined by the ASD, emphasizing the need for robust cyber supply chain risk management within organizations.
“Living off the Land” Techniques
State-sponsored actors blend with regular network activities by utilizing built-in administration tools, making them challenging to detect. They wait patiently within the network to extract valuable information.
Cloud-Based Strategies
Adapting to the cloud-centric infrastructure, threat actors exploit cloud systems for espionage purposes, utilizing techniques like brute-force attacks and password spraying to access privileged service accounts.
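The password-spraying pattern mentioned above leaves a recognisable trace in authentication logs: one source touching many distinct accounts with only a failed attempt or two each, which is how it differs from brute force against a single account. The following detection sketch is an added example, not code from the ASD, ACSC or CyberCX; the log format, the documentation-range IP addresses and the service-account names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): 203.0.113.5 sprays one password
# across many accounts and finally succeeds; 198.51.100.7 is one user retrying.
SAMPLE_LOG = """\
2024-11-05T10:00:01Z src=203.0.113.5 user=svc-backup result=FAIL
2024-11-05T10:00:03Z src=203.0.113.5 user=svc-monitor result=FAIL
2024-11-05T10:00:05Z src=203.0.113.5 user=admin result=FAIL
2024-11-05T10:00:07Z src=203.0.113.5 user=svc-deploy result=FAIL
2024-11-05T10:00:09Z src=203.0.113.5 user=svc-sync result=OK
2024-11-05T10:01:00Z src=198.51.100.7 user=jsmith result=FAIL
2024-11-05T10:01:05Z src=198.51.100.7 user=jsmith result=FAIL
2024-11-05T10:01:10Z src=198.51.100.7 user=jsmith result=OK
""".splitlines()

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(\S+)$")

def parse(lines):
    """Yield (timestamp, source, user, result); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect_password_spray(lines, min_accounts=4, window=timedelta(minutes=10)):
    """Sources whose failed logins hit >= min_accounts distinct users within one
    sliding window. Brute force (one account, many tries) does not trigger."""
    failures = defaultdict(list)
    for ts, src, user, result in parse(lines):
        if result == "FAIL":
            failures[src].append((ts, user))
    findings = {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_accounts:
                findings[src] = sorted(users)
                break
    return findings

def successes_from_spraying_sources(lines, findings):
    """Accounts that later logged in successfully from a spraying source:
    escalate these first, since the spray may have guessed a valid password."""
    return sorted({(src, user) for _, src, user, result in parse(lines)
                   if result == "OK" and src in findings})
```

In a real deployment the source key would usually be broadened to an ASN or a user-agent fingerprint, since sprays against cloud identity providers are commonly spread across many IPs to stay under per-source thresholds.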
Mitigating Cyber Threats
The methods these threat actors use, and the weaknesses they exploit, are strikingly consistent from one campaign to the next. State-sponsored cyber actors reuse previously stolen data, including network information and credentials, to expand their operations and to compromise network devices again.
Fortunately, enterprises can shield themselves from cyber threats by following expert advice on fortifying defenses against prevalent attack vectors like zero-days, ransomware, and deepfakes. This includes maintaining software updates, deploying endpoint security solutions, and crafting robust incident response strategies.
