Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks.
Welcome to the Weekly Cyber Scan Wrap-Up, your essential source for the latest insights in cybersecurity and global tech affairs! In this edition, Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks. This move, endorsed by Five Eyes nations, underscores the ongoing threat of Chinese cyber espionage, despite recent diplomatic efforts to rebuild trade ties with China. The report highlights Australia's commitment to safeguarding its cyber infrastructure while balancing complex international relations.
Australia, supported by allies including the US, UK, and Japan, has accused a Chinese state-backed cyber hacking group of breaching the country’s government and private sector networks. The statement, endorsed by security and intelligence agencies from the Five Eyes nations and other allies, cited a “shared understanding” of a Chinese “state-sponsored cyber group and their current threat to Australian networks.”
The group, identified as Advanced Persistent Threat 40 (APT40), has been linked to China’s Ministry of State Security and is known for infiltrating various global entities.
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory noted.
This unprecedented move by the Australian Signals Directorate follows recent efforts to rebuild trade ties with China and highlights the persistent risks of Chinese cyber espionage.
The report marks the latest action by Western governments to combat Chinese cyber threats and raise awareness of their risks. In recent months, the US and UK have taken measures against other Chinese hacking groups, and the Five Eyes intelligence alliance has warned about Chinese espionage threats to critical tech sectors.
Australia’s foreign minister, Penny Wong, emphasised that publicising the allegations against APT40 is in the national interest, stating,
“We have always said we engage with China without compromising on what is important for Australia and to Australians.”
This stance underscores Australia’s commitment to safeguarding its cyber infrastructure while navigating complex diplomatic relations with Beijing.
A newly discovered attack called "Blast-RADIUS" affects the widely used Remote Authentication Dial-In User Service (RADIUS) protocol, according to a paper published by a team of researchers, Ars Technica reports. Developed in 1991, RADIUS is supported by almost all switches, routers, access points, and VPNs but still relies on the outdated MD5 hash function. The researchers explain,
"Our attack exploits an MD5 chosen-prefix collision on the ad hoc RADIUS packet authentication construction to produce Access-Accept and Access-Reject packets with identical Response Authenticators, allowing our attacker to transform a reject into an accept without knowledge of the shared secret between RADIUS client and server."
The paper's publication is being coordinated with security bulletins from at least 90 vendors, accompanied by patches implementing short-term fixes while a working group drafts longer-term solutions.
Microsoft issued patches for 142 vulnerabilities, including two actively exploited zero-days, Help Net Security reports. One zero-day (CVE-2024-38112) is a spoofing vulnerability in the Windows MSHTML Platform that can be triggered with a malicious HTML file.
Researchers at Check Point found that threat actors have been exploiting the flaw since January 2023, explaining, "Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE is used to hide the malicious .hta extension name." By exploiting this vulnerability, attackers gained significant advantages despite the modern Windows 10/11 operating system.
The US Justice Department, along with security agencies in Canada and the Netherlands, has disrupted a Russian disinformation operation on X (formerly Twitter), SecurityWeek reports. The agencies seized two domains and identified "968 social media accounts used by Russian actors to create an AI-enhanced social media bot farm that spread disinformation in the United States and abroad."
The Justice Department stated, "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives, according to affidavits unsealed today."
Elon Musk’s legal clash with OpenAI over its profit-driven shift intensifies, with a judge denying his bid to halt the change. Musk claims the move betrays OpenAI’s mission. The battle could reshape investor trust in OpenAI and boost Musk’s xAI in the fight for AI dominance.
Elon Musk’s X AI platform has been hit by a massive cyber-attack, leaving users in the U.S. and UK unable to refresh feeds or access accounts. Musk confirmed the attack’s severity, pointing to IP traces from “the Ukraine area,” though experts caution that origin masking is possible.
Late last week, an extraordinary announcement signaled a dramatic shift in U.S. cybersecurity policy: the Trump administration deprioritized Russia as a leading cyber threat. Experts fear downplaying Moscow’s aggression could expose American networks to new risks and undermine national security.
Since early 2022, the British government has tied Iran to over 20 plots threatening UK citizens, reflecting Tehran’s expanding covert tactics. These attempts—spanning assassination, kidnapping, and surveillance—mark a significant escalation on British soil.
