Australian Cyber Agency Collaborates with Global Partners to Alert on Chinese Hackers Targeting Critical Infrastructure in Australia

The Australian Signals Directorate’s Australian Cyber Security Centre has collaborated with various international cyber agencies to issue a warning about state-sponsored Chinese hackers. These hackers are targeting the networks of telecommunications companies, government entities, military infrastructure, and logistics networks globally. Known by multiple names, including Salt Typhoon, Operator Panda, RedMike, UNC5807, and GhostEmperor, these actors represent a significant advanced persistent threat (APT).

The advisory, released in conjunction with agencies from the Five Eyes intelligence alliance and other countries such as the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain, highlights the APT’s focus on entities in the United States, Australia, Canada, New Zealand, the United Kingdom, and beyond. The hackers exploit vulnerabilities in platforms from Ivanti, Palo Alto Networks, and Cisco, leveraging edge devices to gain access to networks. They modify routers to ensure persistent access and target authentication protocols, such as Terminal Access Controller Access Control System Plus (TACACS+), to facilitate lateral movement across network devices. 

Categories: Cybersecurity Threats, State-Sponsored Hacking, Telecommunications Vulnerabilities 

Tags: Cyber Security, Hackers, Telecommunications, Infrastructure, Networks, Vulnerabilities, Access, Protocols, Threat, Intelligence