Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks.
Welcome to the Weekly Cyber Scan Wrap-Up, your essential source for the latest insights in cybersecurity and global tech affairs! In this edition, Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks. This move, endorsed by Five Eyes nations, underscores the ongoing threat of Chinese cyber espionage, despite recent diplomatic efforts to rebuild trade ties with China. The report highlights Australia's commitment to safeguarding its cyber infrastructure while balancing complex international relations.
Australia, supported by allies including the US, UK, and Japan, has accused a Chinese state-backed cyber hacking group of breaching the country’s government and private sector networks. The statement, endorsed by security and intelligence agencies from the Five Eyes nations and other allies, cited a “shared understanding” of a Chinese “state-sponsored cyber group and their current threat to Australian networks.”
The group, identified as Advanced Persistent Threat 40 (APT40), has been linked to China’s Ministry of State Security and is known for infiltrating various global entities.
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory noted.
This unprecedented move by the Australian Signals Directorate follows recent efforts to rebuild trade ties with China and highlights the persistent risks of Chinese cyber espionage.
The report marks the latest action by Western governments to combat Chinese cyber threats and raise awareness of their risks. In recent months, the US and UK have taken measures against other Chinese hacking groups, and the Five Eyes intelligence alliance has warned about Chinese espionage threats to critical tech sectors.
Australia’s foreign minister, Penny Wong, emphasised that publicising the allegations against APT40 is in the national interest, stating,
“We have always said we engage with China without compromising on what is important for Australia and to Australians.”
This stance underscores Australia’s commitment to safeguarding its cyber infrastructure while navigating complex diplomatic relations with Beijing.
A newly discovered attack called "Blast-RADIUS" affects the widely used Remote Authentication Dial-In User Service (RADIUS) protocol, according to a paper published by a team of researchers, Ars Technica reports. Developed in 1991, RADIUS is supported by almost all switches, routers, access points, and VPNs but still relies on the outdated MD5 hash function. The researchers explain,
"Our attack exploits an MD5 chosen-prefix collision on the ad hoc RADIUS packet authentication construction to produce Access-Accept and Access-Reject packets with identical Response Authenticators, allowing our attacker to transform a reject into an accept without knowledge of the shared secret between RADIUS client and server."
The paper's publication is being coordinated with security bulletins from at least 90 vendors, accompanied by patches implementing short-term fixes while a working group drafts longer-term solutions.
Microsoft issued patches for 142 vulnerabilities, including two actively exploited zero-days, Help Net Security reports. One zero-day (CVE-2024-38112) is a spoofing vulnerability in the Windows MSHTML Platform that can be triggered with a malicious HTML file.
Researchers at Check Point found that threat actors have been exploiting the flaw since January 2023, explaining, "Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE is used to hide the malicious .hta extension name." By exploiting this vulnerability, attackers gained significant advantages despite the modern Windows 10/11 operating system.
The US Justice Department, along with security agencies in Canada and the Netherlands, has disrupted a Russian disinformation operation on X (formerly Twitter), SecurityWeek reports. The agencies seized two domains and identified "968 social media accounts used by Russian actors to create an AI-enhanced social media bot farm that spread disinformation in the United States and abroad."
The Justice Department stated, "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives, according to affidavits unsealed today."
A Chinese ship captain has been charged in Taiwan for deliberately damaging a subsea cable, marking a rare prosecution tied to infrastructure sabotage. The case highlights growing concerns over global undersea cable vulnerabilities amid rising tensions with China.
Australia is facing a double threat to its financial security: cyberattacks on major superannuation funds and the fallout from Trump’s “Liberation Day” tariff declaration. Both have exposed deep vulnerabilities in retirement savings, leaving Australia’s future wealth increasingly at risk.
Major cyber alliances are buckling. Australia’s super funds are under digital siege, the US slashes cyber defenses, and Five Eyes unity is faltering. As threats mount from China and Russia, the West’s fractured response risks emboldening adversaries and weakening global cyber resilience.
The global data centre boom is faltering as credit risks, rising tariffs, and capital costs take hold. Valuations have dropped by as much as 40%, projects are being delayed or cancelled, and hyperscalers are stepping back from long term deals as the sector undergoes a major reset.
