topic APT40 attacks against Australia and New Zealand in Threats https://community.isc2.org/t5/Threats/APT40-attacks-against-Australia-and-New-Zealand/m-p/71819#M1246 <P>Hi All</P><P>&nbsp;</P><P>The NCSC (National Cyber Security Centre) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners to release an advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks.</P><P>&nbsp;</P><P><SPAN class=""><SPAN>APT40 is conducting regular reconnaissance against networks of interest in Australia as the group looks for opportunities to compromise its targets. The group uses compromised infrastructure, including small-office/home-office (SOHO) devices as operational infrastructure, to launch attacks that blend in with legitimate traffic and challenge network defenders.<BR /><BR />This regular reconnaissance allows the group to identify vulnerable, end-of-life, or no longer maintained devices on networks of interest, and rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities due to systems being unpatched.<BR /><BR />The NCSC encourages organisations to review the tradecraft outlined in the advisory and apply the detection and mitigation recommendations.<BR /><BR />Mitigations that can reduce the effectiveness of the activity include:<BR /><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span>Logging and detection – maintain comprehensive and historical logging information across web servers, window events and internet proxies.<BR /><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span>Patch management – implement a centralised patch management system to automate and expedite the patch process.<BR /><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span>Network segmentation – segment networks to limit or block lateral movement by denying traffic between computers unless required.<BR /></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN><A href="https://www.ncsc.govt.nz/news/prc-mss-tradecraft" target="_blank" rel="noopener">https://www.ncsc.govt.nz/news/prc-mss-tradecraft</A></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Tue, 09 Jul 2024 04:39:09 GMT Caute_cautim 2024-07-09T04:39:09Z APT40 attacks against Australia and New Zealand https://community.isc2.org/t5/Threats/APT40-attacks-against-Australia-and-New-Zealand/m-p/71819#M1246 <P>Hi All</P><P>&nbsp;</P><P>The NCSC (National Cyber Security Centre) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners to release an advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks.</P><P>&nbsp;</P><P><SPAN class=""><SPAN>APT40 is conducting regular reconnaissance against networks of interest in Australia as the group looks for opportunities to compromise its targets. The group uses compromised infrastructure, including small-office/home-office (SOHO) devices as operational infrastructure, to launch attacks that blend in with legitimate traffic and challenge network defenders.<BR /><BR />This regular reconnaissance allows the group to identify vulnerable, end-of-life, or no longer maintained devices on networks of interest, and rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities due to systems being unpatched.<BR /><BR />The NCSC encourages organisations to review the tradecraft outlined in the advisory and apply the detection and mitigation recommendations.<BR /><BR />Mitigations that can reduce the effectiveness of the activity include:<BR /><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span>Logging and detection – maintain comprehensive and historical logging information across web servers, window events and internet proxies.<BR /><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span>Patch management – implement a centralised patch management system to automate and expedite the patch process.<BR /><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span>Network segmentation – segment networks to limit or block lateral movement by denying traffic between computers unless required.<BR /></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN><A href="https://www.ncsc.govt.nz/news/prc-mss-tradecraft" target="_blank" rel="noopener">https://www.ncsc.govt.nz/news/prc-mss-tradecraft</A></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Tue, 09 Jul 2024 04:39:09 GMT https://community.isc2.org/t5/Threats/APT40-attacks-against-Australia-and-New-Zealand/m-p/71819#M1246 Caute_cautim 2024-07-09T04:39:09Z