Today, we released a Joint Cybersecurity Advisory with international partners about a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks.
APT40 conducts regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets. The group uses compromised devices, including small-office/home-office (SOHO) devices, as operational infrastructure, so its attacks blend in with legitimate traffic and are harder for network defenders to distinguish.
This reconnaissance lets the group identify vulnerable, end-of-life or no-longer-maintained devices on networks of interest and rapidly deploy exploits against them. APT40 continues to succeed by exploiting vulnerabilities in systems that have not been patched.
We strongly recommend implementing the ASD Essential Eight mitigation strategies, as well as additional relevant mitigations from our Strategies to Mitigate Cyber Security Incidents guidance.
Mitigations that can reduce the effectiveness of this activity include:
• Logging and detection – maintaining comprehensive, historical logging across web servers, Windows event logs and internet proxies, so that intrusions can be identified and investigated after the fact.
• Patch management – implementing a centralised patch management system to automate and expedite patching, closing the unpatched vulnerabilities APT40 relies on.
• Network segmentation – segmenting networks to limit or block lateral movement, denying traffic between computers unless it is explicitly required.
To read the advisory and learn more about how to identify, prevent and remediate APT40 intrusions, visit https://lnkd.in/g8YnRnG6.
This advisory has been jointly issued by Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation (FBI), National Cyber Security Centre (UK), Communications Security Establishment Canada | Centre de la sécurité des télécommunications Canada, National Cyber Security Centre (NZ), Bundesnachrichtendienst (BND), Bundesamt für Verfassungsschutz (BfV), National Center of Incident Readiness and Strategy for Cybersecurity + National Police Agency (Japan), and National Intelligence Service + National Cyber Security Center (Korea).