Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks.
Welcome to the Weekly Cyber Scan Wrap-Up, your essential source for the latest insights in cybersecurity and global tech affairs! In this edition, Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks. This move, endorsed by Five Eyes nations, underscores the ongoing threat of Chinese cyber espionage, despite recent diplomatic efforts to rebuild trade ties with China. The report highlights Australia's commitment to safeguarding its cyber infrastructure while balancing complex international relations.
Australia, supported by allies including the US, UK, and Japan, has accused a Chinese state-backed cyber hacking group of breaching the country’s government and private sector networks. The statement, endorsed by security and intelligence agencies from the Five Eyes nations and other allies, cited a “shared understanding” of a Chinese “state-sponsored cyber group and their current threat to Australian networks.”
The group, identified as Advanced Persistent Threat 40 (APT40), has been linked to China’s Ministry of State Security and is known for infiltrating various global entities.
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory noted.
This unprecedented move by the Australian Signals Directorate follows recent efforts to rebuild trade ties with China and highlights the persistent risks of Chinese cyber espionage.
The report marks the latest action by Western governments to combat Chinese cyber threats and raise awareness of their risks. In recent months, the US and UK have taken measures against other Chinese hacking groups, and the Five Eyes intelligence alliance has warned about Chinese espionage threats to critical tech sectors.
Australia’s foreign minister, Penny Wong, emphasised that publicising the allegations against APT40 is in the national interest, stating,
“We have always said we engage with China without compromising on what is important for Australia and to Australians.”
This stance underscores Australia’s commitment to safeguarding its cyber infrastructure while navigating complex diplomatic relations with Beijing.
A newly discovered attack called "Blast-RADIUS" affects the widely used Remote Authentication Dial-In User Service (RADIUS) protocol, according to a paper published by a team of researchers, Ars Technica reports. Developed in 1991, RADIUS is supported by almost all switches, routers, access points, and VPNs but still relies on the outdated MD5 hash function. The researchers explain,
"Our attack exploits an MD5 chosen-prefix collision on the ad hoc RADIUS packet authentication construction to produce Access-Accept and Access-Reject packets with identical Response Authenticators, allowing our attacker to transform a reject into an accept without knowledge of the shared secret between RADIUS client and server."
The paper's publication is being coordinated with security bulletins from at least 90 vendors, accompanied by patches implementing short-term fixes while a working group drafts longer-term solutions.
Microsoft issued patches for 142 vulnerabilities, including two actively exploited zero-days, Help Net Security reports. One zero-day (CVE-2024-38112) is a spoofing vulnerability in the Windows MSHTML Platform that can be triggered with a malicious HTML file.
Researchers at Check Point found that threat actors have been exploiting the flaw since January 2023, explaining, "Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE is used to hide the malicious .hta extension name." By exploiting this vulnerability, attackers gained significant advantages despite the modern Windows 10/11 operating system.
The US Justice Department, along with security agencies in Canada and the Netherlands, has disrupted a Russian disinformation operation on X (formerly Twitter), SecurityWeek reports. The agencies seized two domains and identified "968 social media accounts used by Russian actors to create an AI-enhanced social media bot farm that spread disinformation in the United States and abroad."
The Justice Department stated, "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives, according to affidavits unsealed today."
Taiwan’s TSMC could run Intel’s U.S. factories, heightening chip security debates. President Lai pledges more U.S. investment and increased defense spending, advocating a “democratic supply chain.” Trump demands reshoring, threatening tariffs if Taiwan doesn’t comply.
During his first White House meeting with Nvidia CEO Jensen Huang, President Trump signaled potential shifts in U.S. AI and semiconductor policy amid intensifying global competition. Discussions tackled export controls, DeepSeek breakthroughs, and challenges in global supply chains.
From TikTok’s dance-off to Instagram’s copycat moves, this week saw Trump forge powerful alliances with Silicon Valley’s elite. The launch of the $500B Stargate AI initiative and the fierce rivalry between Elon Musk and Sam Altman highlight a new era where politics and tech collide.
The AI race is on: Trump’s $500B “Stargate” with OpenAI, Oracle, NVIDIA, & SoftBank triggers a surge in power demand. Goldman’s Brian Singer forecasts data centers consuming 3–4% of global power by 2030. Meanwhile, Elon Musk and Sam Altman’s feud fuels the drama.
