Australia Joins 5 Eyes Alliance in Denouncing China’s Cyber Attack on US Critical Infrastructure

Australia Joins 5 Eyes Alliance in Denouncing China’s Cyber Attack on US Critical Infrastructure
A computer keyboard lit by a displayed cyber code on March 1, 2017. Kacper Pempel/Reuters
Henry Jom
Updated:
0:00

Australia has joined the Five Eyes Security Alliance in condemning a recent cyberattack by the Chinese Communist Party (CCP) that has targeted critical infrastructure networks across the United States.

The joint advisory was issued after it was discovered that a recent “cluster of activity” was associated with the CCP’s hacking group, Volt Typhoon—a state-sponsored actor typically focused on espionage and information gathering.

The Five Eyes alliance—an intelligence alliance between the U.S., UK, Canada, Australia, and New Zealand—also believes that the same techniques used by the CCP “could” be applied against other sectors worldwide.

In a joint statement published by the Australian Cyber Security Centre (ACSC) on May 25, Australia, along with the security alliance, said one of the primary tactics used by the cyber actor, in this case, the CCP, is “living off the land”—where the actor blends in with normal Windows systems to evade detection. This tactic exploits legitimate pathways instead of malware.

“They can avoid endpoint detection and response (EDR) products that would provide an alert on the introduction of third-party applications to the host and limit the amount of activity that is captured in default logging configurations,” the joint statement said.

“Many of the behavioural indicators included can also be legitimate system administration commands that appear in benign activity. Care should be taken not to assume that findings are malicious without further investigation or other indications of compromise.”

Microsoft Says Volt Typhoon Has Been Active Since 2021

In a May 24 statement, Microsoft said the CCP’s state hacking group has been active since mid-2021 and has targeted critical infrastructure organisations in Guam and the United States.

“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” the company said.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

“Observed behaviour suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”

Microsoft has warned that because this activity relies on “valid accounts” and “living-off-the-land binaries (LOLBins),” detecting and mitigating this attack could be “challenging.”

“Compromised accounts must be closed or changed,” the company said.

Ministers Condemn Cyber Attack

Federal Home Affairs Minister Clare O’Neil said the Albanese government would not compromise national security.
“This activity should not be occurring, there is no question about that, and we are not going to be shy when we know who is responsible for that activity,” O'Neil said, reported the Australian Broadcasting Corporation (ABC).

“We have the evidence before us … it’s important for the national security of our country that we are transparent and upfront about the threats that we face.”

Shadow Cyber Security Minister James Paterson has called on the Albanese government to exercise great sanctions on China.

“While public attribution is a welcome first step, we must do more to deter this malign cyber activity,” Paterson said in a twitter post.

“Magnitsky cyber sanctions allow Australia to directly penalise those engaged in these attacks on our infrastructure. It’s time the Albanese govt used them.”

This follows the grounding of Chinese military-linked drones, DJI drones, by the Australian Border Force this week.

Henry Jom
Henry Jom
Author
Henry Jom is a reporter for The Epoch Times, Australia, covering a range of topics, including medicolegal, health, political, and business-related issues. He has a background in the rehabilitation sciences and is currently completing a postgraduate degree in law. Henry can be contacted at [email protected]
twitter
Related Topics