Caute_cautim
Community Champion

APT40 attacks against Australia and New Zealand

Hi All

 

The NCSC (National Cyber Security Centre) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners to release an advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks.

 

APT40 is conducting regular reconnaissance against networks of interest in Australia as the group looks for opportunities to compromise its targets. The group uses compromised infrastructure, including small-office/home-office (SOHO) devices as operational infrastructure, to launch attacks that blend in with legitimate traffic and challenge network defenders.

This regular reconnaissance allows the group to identify vulnerable, end-of-life, or no longer maintained devices on networks of interest, and rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities due to systems being unpatched.

The NCSC encourages organisations to review the tradecraft outlined in the advisory and apply the detection and mitigation recommendations.

Mitigations that can reduce the effectiveness of the activity include:
👉Logging and detection – maintain comprehensive and historical logging information across web servers, Windows events and internet proxies.
👉Patch management – implement a centralised patch management system to automate and expedite the patch process.
👉Network segmentation – segment networks to limit or block lateral movement by denying traffic between computers unless required.

 

https://www.ncsc.govt.nz/news/prc-mss-tradecraft

 

Regards

 

Caute_Cautim
