Australia has joined the Five Eyes Security Alliance in condemning a recent cyberattack by the Chinese Communist Party (CCP) that has targeted critical infrastructure networks across the United States.
The joint advisory was issued after it was discovered that a recent “cluster of activity” was associated with the CCP’s hacking group, Volt Typhoon—a state-sponsored actor typically focused on espionage and information gathering.
The Five Eyes alliance—an intelligence alliance between the U.S., UK, Canada, Australia, and New Zealand—also believes that the same techniques used by the CCP “could” be applied against other sectors worldwide.
“They can avoid endpoint detection and response (EDR) products that would provide an alert on the introduction of third-party applications to the host and limit the amount of activity that is captured in default logging configurations,” the joint statement said.
Microsoft Says Volt Typhoon Has Been Active Since 2021
In a May 24 statement, Microsoft said the CCP’s state hacking group has been active since mid-2021 and has targeted critical infrastructure organisations in Guam and the United States.
“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” the company said.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
“Observed behaviour suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Microsoft has warned that because this activity relies on “valid accounts” and “living-off-the-land binaries (LOLBins),” detecting and mitigating this attack could be “challenging.”
Ministers Condemn Cyber Attack
Federal Home Affairs Minister Clare O’Neil said the Albanese government would not compromise national security.
“We have the evidence before us … it’s important for the national security of our country that we are transparent and upfront about the threats that we face.”
Shadow Cyber Security Minister James Paterson has called on the Albanese government to impose strong sanctions on China.
“Magnitsky cyber sanctions allow Australia to directly penalise those engaged in these attacks on our infrastructure. It’s time the Albanese govt used them.”
This follows the Australian Border Force’s grounding this week of DJI drones, which are linked to the Chinese military.