Australia accuses China-backed hackers of breaching government networks

Australia, backed by allies including the US, UK and Japan, has accused a Chinese state-backed cyber hacking group of targeting the country’s government and private sector networks. 

The statement on Tuesday was backed by security and intelligence agencies from Five Eyes partner countries the US, UK, Canada and New Zealand as well as Germany, Japan and South Korea, and cited a “shared understanding” of a Chinese “state-sponsored cyber group and their current threat to Australian networks”.

The intelligence agencies said the group conducted “malicious cyber operations” for China’s Ministry of State Security, adding that its activity and methods overlapped with a group previously identified as Advanced Persistent Threat 40.

Western intelligence agencies previously have accused APT40, which was reported to be based in China’s southern Hainan province, of infiltrating government agencies, companies and universities in the US, Canada, Europe and the Middle East, under the orders from the ministry.

“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory said.

The Australian Signals Directorate’s move to name APT40 was unprecedented for an Australian authority and came less than a month after China’s Premier Li Qiang visited the country in a reflection of recent efforts to rebuild trade ties. 

The report marked the latest action by western governments to crack down on Chinese cyber security threats and raise public awareness about the risks of Chinese hacking and espionage.

In March, the US and UK launched measures against the APT31 hacking group, also run by China’s spy service, which had targeted British parliamentary accounts, critics of the Chinese government and the UK election watchdog. 

Last year, FBI director Christopher Wray and his Five Eyes counterparts met in Silicon Valley for their first-ever joint public event, where they warned of the risk posed by “unprecedented threat” of Chinese spying to innovative tech sectors from quantum computing to artificial intelligence

Last month, the Five Eyes warned that the People’s Liberation Army was “aggressively recruiting” western fighter jet pilots to help train Chinese flyers, while the UK and other European countries have made a series of accusations of Chinese agents infiltrating western political systems in recent months.

Penny Wong, Australia’s foreign minister, said that publicising the allegations against APT40 was in the national interest despite recent efforts to mend relations with Beijing. “We have always said we engage with China without compromising on what is important for Australia and to Australians,” she said in a statement.

The ASD, which runs the Pacific country’s cyber defences, highlighted two historic breaches perpetrated by APT40 to illustrate the activities of the hacking group.

Rather than targeting users via “phishing” techniques, the agency said that APT40 exploited vulnerabilities in software developed by companies including Microsoft and Atlassian to breach networks, including home devices, and established a presence within at least one network that was used to steal data and hundreds of passwords. 

The ASD said the hacking group regularly conducted reconnaissance against its target networks “to identify vulnerable, end-of-life or no longer maintained devices”, having first achieved success as early as 2017. 

Chinese foreign ministry spokesperson Lin Jian on Tuesday said western countries were “using cyber security issues to smear and defame China” and accused the US of “leveraging its hegemonic status and technological advantages to conduct widespread cyber espionage worldwide”.

“Who is the biggest threat to global cyber security?” he added.

Australia has increased investment in cyber security since 2022 as part of a wider overhaul of its defence spending and strategy.

This month, Canberra signed a $1.3bn deal with Amazon to build a defence cloud network to improve its intelligence sharing capabilities with global allies.

Additional reporting by Wenjie Ding in Beijing