A warning has been issued about the People’s Republic of China state-sponsored cyber group APT40.

The Australian Signals Directorate (ASD) and international partners have warned about the People’s Republic of China (PRC) state-sponsored cyber group APT40 and the current threat it poses to local networks.

According to the ASD, APT40 has been conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets. The PRC state-sponsored cyber group has previously targeted organisations in various countries, including Australia and the United States, and the techniques highlighted below are regularly used by other PRC state-sponsored actors globally.

“The group uses compromised infrastructure, including small-office/home-office (SOHO) devices as operational infrastructure, to launch attacks that blend in with legitimate traffic, challenging network defenders,” states the ASD.

Notably, APT40 can rapidly transform and adapt proof-of-concept exploits for new vulnerabilities and immediately use them against target networks running the affected infrastructure.

“This regular reconnaissance allows them to identify vulnerable, end-of-life, or no longer maintained devices on networks of interest and rapidly deploy exploits. APT40 continues to find success in exploiting vulnerabilities due to unpatched systems,” states ASD.

The ASD has recommended implementing the ASD Essential Eight mitigation strategies and additional relevant mitigations from its Strategies to Mitigate Cyber Security Incidents guidance.

Mitigations that can reduce the effectiveness of the activity include:

Logging and detection – maintain comprehensive and historical logging information across web servers, Windows events and internet proxies.
Patch management – implement a centralised patch management system to automate and expedite the patch process.
Network segmentation – segment networks to limit or block lateral movement by denying traffic between computers unless required.

The advisory has been jointly issued by the Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation, National Cyber Security Centre (UK), Communications Security Establishment Canada, National Cyber Security Centre (NZ), Bundesnachrichtendienst (BND), Bundesamt für Verfassungsschutz, National Center of Incident Readiness and Strategy for Cybersecurity and National Police Agency (Japan), and National Intelligence Service and National Cyber Security Center (Korea).