Chinese Hackers

[kyonides]

Five Eyes’ and Allies Out CCP Syndicate for Ongoing Cyber Attacks

A Chinese Communist Party (CCP) spy group has been hacking public and private networks, according to federal intelligence agencies from the Five Eyes’ nations.

The Federal Bureau of Investigation, along with sister agencies like the Australian Signals Directorate (ASD), revealed that a group known as APT40 had been behind the historical and ongoing hacks.

The CCP Ministry of State Security backs the group and uses a sophisticated system to make detection difficult.

“APT40 is actively conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets,” the ASD said in a statement.

“The group uses compromised devices, including small-office/home-office (SOHO) devices, to launch attacks that blend in with legitimate traffic, challenging network defenders,” it continued.

“APT40 continues to find success exploiting vulnerabilities in end-of-life or no longer maintained devices on networks of interest and systems that are poorly maintained and unpatched.”

A Chinese Communist Party (CCP) spy group has been hacking public and private networks, according to federal intelligence agencies from the Five Eyes’ nations.

The Federal Bureau of Investigation, along with sister agencies like the Australian Signals Directorate (ASD), revealed that a group known as APT40 had been behind the historical and ongoing hacks.

The CCP Ministry of State Security backs the group and uses a sophisticated system to make detection difficult.

“APT40 is actively conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets,” the ASD said in a statement.

“The group uses compromised devices, including small-office/home-office (SOHO) devices, to launch attacks that blend in with legitimate traffic, challenging network defenders,” it continued.

“APT40 continues to find success exploiting vulnerabilities in end-of-life or no longer maintained devices on networks of interest and systems that are poorly maintained and unpatched.”

Australia Invests Billions in Secure Cloud Technology

Australia’s Defence Minister Richard Marles praised the work of the ASD in attributing the threat, and said this was an important part of deterrence.
His comments come days after the government announced a $2 billion (US$1.35 billion) top secret cloud computing program for intelligence agencies, to be developed in partnership with Amazon Web Services Australia.

“Modern defence forces and indeed modern conflict is more reliant upon information technology, upon computing infrastructure, than ever before,” he said.

“And in turn what that means, is that increasingly, modern conflict is occurring at a top-secret level and so this capability, in terms of computing infrastructure, will ensure that Australia maintains at-pace with the leading defence forces in the world,” he added.

“It will ensure that we have a far more resilient capable, lethal, modern and potent defence force for the future.”

The Top Secret (TS) Cloud will be purpose-built for Australia’s defence and national intelligence community agencies to securely host the country’s most sensitive information, and development new technologies.

You may also want to know that back in May 2024 the CCP also made an attempt to cyber-infiltrate the offices of Canadian parliamentarians. So this definitely is a highly important issue for the members of the Five Eyes alliance.

MPs Vote Unanimously to Investigate Chinese Hacking of Parliamentarians

MPs agreed unanimously on May 9 to investigate China’s cyberattacks against parliamentarians through a House of Commons committee.

The motion for the investigation was initiated by Conservative MP Garnett Genuis, who raised a question of privilege on April 29. He revealed that day that he and 17 other parliamentarians were targeted in 2021 by a Beijing-backed hacker group known as Advanced Persistent Threat 31 (APT31).

The cyberattack on Canadian parliamentarians was part of APT31’s broader hacking campaign against members of the Inter-Parliamentary Alliance on China (IPAC), Mr. Genuis told the House of Commons on April 29. IPAC is an international group of cross-party legislators working to more effectively tackle the threat of Beijing.

The APT31 attacks gained public attention after the U.S. Department of Justice unsealed an indictment on March 25, charging seven Chinese nationals linked to the hacker group. The indictment revealed that the group had spent approximately 14 years targeting critics of the Chinese regime, both in the U.S. and abroad, as well as businesses and political figures, with the goal of furthering Beijing’s economic espionage and foreign intelligence objectives.

Mr. Genuis, along with Liberal MP John McKay, also a co-chair of IPAC, raised concerns in an April 29 statement. They noted that despite warnings from U.S. intelligence authorities about APT31’s attacks dating back to 2022, the Canadian government did not inform the affected parliamentarians of the threat.

“Canadian legislators should have been informed as soon as possible, especially given the progressive nature of this attack,” the MPs wrote. “Steps should be taken to ensure legislators are informed of attacks or potential attacks against them in the future, and to sanction those responsible for this attack.”

On May 8, House Speaker Greg Fergus ruled that Mr. Genuis’s concern constituted a question of privilege. This privilege allows MPs to raise concerns about their parliamentary work being obstructed, prompting immediate consideration in the House of Commons. Mr. Genuis’s motion, now adopted, will be investigated by the House of Commons Standing Committee on Procedure and House Affairs.

Mr. Fergus pointed out that Mr. Genuis compared his situation to the question of privilege involving former Chinese consulate officer Wei Zhao’s intimidation campaign against Tory MP Michael Chong.

Targeting Personal Email

In an April 30 statement to The Epoch Times, Mathieu Gravel, spokesperson for the House of Commons Speaker’s Office, said the administration had “determined that the risk-mitigation measures in place had successfully prevented any attack,” adding that “There were no cybersecurity impacts to any Members or their communications.”

Mr. Genuis has disputed the claim that parliamentarians were unaffected, pointing out that his personal email was targeted. He told The Epoch Times that he received this information from IPAC and that is was collected by the FBI.

“Parliamentarians still need to know about targeted threats against them, even when those threats do not succeed. If someone tries to hurt me but their attempts are thwarted, I would still like to know I have been targeted in order to plan to protect myself going forward,” he said in the House of Commons on May 1.

“Moreover, your office is not at all able to say that these attacks were thwarted, because they evidently targeted members on both parliamentary and non-parliamentary emails.”