February 9, 2024
Friday 09 February 2024
The Australian Signals Directorate has joined a US warning that Chinese state-sponsored hackers are positioning themselves on IT networks in preparation for future disruptive cyber attacks "in the event of a major crisis or conflict with the US".
On Thursday, Australia joined with its Five Eyes partners the US, Britain, Canada and New Zealand to release two public advisories that attributed the compromise of US critical infrastructure organisations to Chinese and Russian state-sponsored actors.
The first advisory warned that a People's Republic of China state sponsored cyber group known as "Volt Typhoon" had compromised the IT environments of multiple critical infrastructure organisations primarily in the "communications, energy, transportation systems, and water and wastewater systems sectors" in both continental US and its territories, including the strategically important garrison island of Guam.
Alastair MacGibbon, the chief strategy officer at CyberCX and the former head of ASD's Australian Cyber Security Centre, said it would be "very naive" to assume the activities conducted by Volt Typhoon were not also occurring in Australia or New Zealand.
The advisory note, which was publicly released by ASD along with other Five Eye nation agencies, warned that "Australian and New Zealand critical infrastructure, respectively, could be vulnerable to similar activity from PRC state-sponsored actors".
The advisory noted that after gaining access to legitimate accounts, Volt Typhoon actors exhibited "minimal activity within the compromised environment . suggesting that their objective is to maintain persistence rather than immediate exploitation." Volt Typhoon actors would re-target the same organisations over a period of several years to "continuously validate and potentially enhance their unauthorised accesses".
Opposition home affairs spokesman James Paterson told The Australian it was welcome that the ASD had "joined this very important Five Eyes cybersecurity advisory." "We know Chinese Communist Party hackers are rife throughout critical US infrastructure there's no reason to think ours would be any different," Senator Paterson said.
"If we haven't found any yet, it's because we are not looking hard enough.
"Critical infrastructure operators must take this incredibly seriously and act promptly to remove this malicious presence which has only one motivation: to do our nation harm at a time of choosing of the People's Republic of China." A second advisory warned that the PRC and Russia were leveraging "living off the land" techniques to "compromise and maintain persistent access to critical infrastructure organisations".
Mr MacGibbon, a former special adviser to the prime minister on cyber security, explained the danger of hackers using "living off the land" techniques.
"Think about 'living off the land' as not introducing any new code into the victim's system," he said. "So once they've got access, which they usually do via a vulnerability they can exploit ... they will run queries and move around the system without introducing any code ... that the organisation doesn't already have." "It makes it much harder to detect. It just looks like normal user activity. They are hiding in plain sight in your systems." A government spokeswoman said Australia was concerned that the same techniques as were used by Chinese and Russian state sponsored cyber actors could be applied against critical infrastructure sectors around the world.
"The advisories contain advice to mitigate against these threats," the spokeswoman said.
"Australia expects all countries, including China and Russia, to act responsibly in cyberspace and to adhere to internationally agreed rules.
"Australia has been clear that we will always act in our national interest." 'It just looks like normal user activity. They are hiding in plain sight in your systems'