Five Eyes Alliance Blames Chinese APT40 for Government Hacks

Australia isn’t alone! The Five Eyes (US, UK, Canada, NZ) along with Japan and South Korea join forces to blame a Chinese state-sponsored hacking group (APT40) for infiltrating government networks. This global alert urges stricter cybersecurity measures to combat the rapid exploitation of vulnerabilities.

Australia has received backing from the United States, United Kingdom, Canada, Germany, Japan, New Zealand, and South Korea in blaming Chinese state-sponsored threat actors, APT40, also known as GADOLINIUM, BRONZE, or TEMP.Periscope for hacking into government networks.

This accusation is supported by a joint advisory that sheds light on APT40’s tactics, techniques, and procedures (TTPs). The security advisory, which includes two anonymized investigative reports by the Australian Signals Directorate’s Australian Cyber Security Centre, reveals that APT40 has been focusing on exploiting newly discovered software vulnerabilities, often within hours of their public release. The Australian security experts played a crucial role in investigating two successful intrusions by APT40.

It is worth noting that in October 2023, Google’s Threat Analysis Group (TAG) listed the APT40 gang among the state-sponsored groups that exploited a WinRAR zero-day vulnerability during that time period.

The threat actor, known for its cyberespionage activities, has been found to have a particular interest in compromising credentials for privileged accounts. APT40 also demonstrates a preference for using end-of-life (EOL) or unpatched small-office/home-office (SOHO) devices as a launching point for its attacks.

According to the agencies that authored the advisory, APT40 is expected to continue using proof-of-concept (PoC) exploits for new high-profile vulnerabilities within hours or days of their public release. This highlights the urgency for security teams worldwide to prioritize and prepare for emergency patching to mitigate the risks posed by such rapidly evolving threats.

Ken Dunham, Cyber Threat Director at Qualys Threat Research Unit, commented on the development, emphasizing the critical race between patching vulnerabilities and threat actors weaponizing exploits.

He stated, “The race condition to win the war of patching is real, especially for nation-state groups like APT40 that weaponize exploits within hours or days of a patch release. Security teams that know APT40 is a major threat should be diligent in patching and have emergency patching preparation and prioritization, essential to de-risking.”

In response to the advisory, organizations must allocate time and resources to strengthen their cybersecurity defences, train employees, prioritize patch management, and remain vigilant against potential attacks.

  1. Data Leak Exposes Business Leaders and Top Celebrity Data
  2. Hackers Attack UK’s Nuclear Waste Services Through LinkedIn
  3. Data Leak Exposes 500GB of Indian Police, Military Biometric Data
  4. Major UK Security Provider Leaks Trove of Guard and Suspect Data
  5. Trove of UK Student Records Exposed in School Software Server Leak
  6. Personal data of 600,000 customers of U.S. fitness chain exposed Online
  7. Database Mess Up: Aussie Food Giant Patties Foods Leaks Trove of Data

Source link