National Security

Key infrastructure vulnerable to Chinese, Russian hackers

February 9, 2024

Friday 09 February 2024

Joe Kelly

The Australian

 The Australian Signals Directorate has joined a US warning that Chinese  state-sponsored hackers are positioning themselves on IT networks in  preparation for future disruptive cyber attacks "in the event of a major  crisis or conflict with the US".
 On Thursday, Australia joined with its Five Eyes partners the US, Britain,  Canada and New Zealand to release two public advisories that attributed the  compromise of US critical infrastructure organisations to Chinese and Russian  state-sponsored actors.
 The first advisory warned that a People's Republic of China state sponsored  cyber group known as "Volt Typhoon" had compromised the IT  environments of multiple critical infrastructure organisations primarily in  the "communications, energy, transportation systems, and water and  wastewater systems sectors" in both continental US and its territories,  including the strategically important garrison island of Guam.
 Alastair MacGibbon, the chief strategy officer at CyberCX and the former head  of ASD's Australian Cyber Security Centre, said it would be "very  naive" to assume the activities conducted by Volt Typhoon were not also  occurring in Australia or New Zealand.
 The advisory note, which was publicly released by ASD along with other Five  Eye nation agencies, warned that "Australian and New Zealand critical  infrastructure, respectively, could be vulnerable to similar activity from  PRC state-sponsored actors".
 The advisory noted that after gaining access to legitimate accounts, Volt  Typhoon actors exhibited "minimal activity within the compromised  environment . suggesting that their objective is to maintain persistence  rather than immediate exploitation." Volt Typhoon actors would re-target  the same organisations over a period of several years to "continuously  validate and potentially enhance their unauthorised accesses".
 Opposition home affairs spokesman James Paterson told The Australian it was  welcome that the ASD had "joined this very important Five Eyes  cybersecurity advisory." "We know Chinese Communist Party hackers  are rife throughout critical US infrastructure there's no reason to think  ours would be any different," Senator Paterson said.
 "If we haven't found any yet, it's because we are not looking hard  enough.
 "Critical infrastructure operators must take this incredibly seriously  and act promptly to remove this malicious presence which has only one  motivation: to do our nation harm at a time of choosing of the People's  Republic of China." A second advisory warned that the PRC and Russia  were leveraging "living off the land" techniques to  "compromise and maintain persistent access to critical infrastructure  organisations".
 Mr MacGibbon, a former special adviser to the prime minister on cyber  security, explained the danger of hackers using "living off the  land" techniques.
 "Think about 'living off the land' as not introducing any new code into  the victim's system," he said. "So once they've got access, which  they usually do via a vulnerability they can exploit ... they will run  queries and move around the system without introducing any code ... that the  organisation doesn't already have." "It makes it much harder to  detect. It just looks like normal user activity. They are hiding in plain  sight in your systems." A government spokeswoman said Australia was  concerned that the same techniques as were used by Chinese and Russian state sponsored  cyber actors could be applied against critical infrastructure sectors around  the world.
 "The advisories contain advice to mitigate against these threats,"  the spokeswoman said.
 "Australia expects all countries, including China and Russia, to act  responsibly in cyberspace and to adhere to internationally agreed rules.
 "Australia has been clear that we will always act in our national  interest." 'It just looks like normal user activity. They are hiding in  plain sight in your systems'

Recent News

All Posts