SYDNEY — Australia’s government cybersecurity agency on Tuesday accused a China-backed hacker group of stealing passwords and usernames from two unnamed Australian networks in 2022, adding that the group remained a threat.
A joint report led by the Australian Cyber Security Centre said the hackers, named APT40, had conducted malicious cyber operations for China’s Ministry of State Security, the main agency overlooking foreign intelligence.
“The activity and techniques overlap with the groups tracked as Advanced Persistent Threat (APT) 40,” said the report, which included inputs from lead cyber security agencies for the United States, Britain, Canada, New Zealand, Japan, South Korea and Germany.
China’s embassy in Australia did not immediately respond to a request seeking comment.
U.S. and British officials in March had accused Beijing of a sweeping cyberespionage campaign that allegedly hit millions of people including lawmakers, academics and journalists, and companies including defense contractors. They said China-backed “APT31” was responsible for the network intrusion.
China at the time said the hacking allegations by U.S. and Britain were “political maneuvering.”
APTs are a general term for cyber actors or groups, often state-backed, that engage in malicious cyber activities. New Zealand in March said APT40 targeted its parliamentary services and parliamentary counsel office in 2021 and had gained access to important information.
“(The Australian government) is committed to defending Australian organizations and individuals in the cyber domain, which is why for the first time we are leading this type of cyber attribution,” Defense Minister Richard Marles said in a statement released to the media.
The report comes as both Australia and China are rebuilding ties after a period of strained relations. Ties hit a low in 2020 after Canberra called for an independent investigation into the origin of COVID-19. Beijing responded by imposing tariffs on several Australian commodities, most of which have been lifted.