The Australian Signals Directorate and the Australian Cyber Security Centre have issued a joint alert with international partners, warning local technology professionals about threats to critical communications infrastructure, including the infiltration tactics of the notorious Salt Typhoon group.
The Australian Signals Directorate disseminated the intelligence weeks ago, and subsequently cautioned that state-backed cyber actors had persistently targeted Australian governments and firms with evolving tactics during the most recent reporting period.
What is Salt Typhoon?
Salt Typhoon recently breached the networks of at least eight US-based telecommunications providers as part of a far-reaching cyber espionage operation, but its scope extends well beyond American shores.
Australian companies remain tight-lipped on whether Salt Typhoon has made inroads into local telecommunications providers. Despite this, Grant Walsh, telecommunications industry lead at the Australian cybersecurity firm CyberCX, believes it is “highly improbable” the Australian Cyber Security Centre (ACSC) and its partner organisations would provide such comprehensive guidance if the threat were not genuinely pressing.
“Telco networks in Australia have invested in some of the most mature cybersecurity defences on offer, but the global risk landscape continues to deteriorate,” he noted. “Persistent and highly capable state-sponsored cyber espionage groups, particularly those linked to China, have a keen focus on exploiting telecommunications networks.”
Salt Typhoon: A State-Sponsored Threat Unfolds
In the past year, the ASD has partnered with global counterparts to issue a series of joint advisories highlighting the shifting tactics of state-sponsored cyber actors, particularly those backed by China.
In February 2024, the Australian Signals Directorate (ASD) joined the United States and a range of other international partners in warning that China-backed hackers had been seeking to infiltrate US data and communications networks with the intent of launching disruptive cyberattacks on essential infrastructure in the event of a major crisis.
Australia’s critical infrastructure networks may be vulnerable to sophisticated state-sponsored cyber attacks similar to those experienced in the United States.
The report from the ASD states: “These actors engage in cyber operations aimed at achieving state objectives, including espionage, exerting malicious influence, interference, and coercion, as well as positioning themselves to launch potentially disruptive cyber attacks.”
In its annual cyber report, the ASD describes the tactics and behaviour of China-backed actors as inconsistent with traditional cyber espionage, indicating a strategic effort to achieve other outcomes. Nevertheless, state-sponsored cyber actors are also reportedly conducting information-gathering and espionage operations in Australia.
“Government entities exhibit an insatiable appetite for sensitive information, intellectual property, and personal data, seeking to capitalize on these valuable assets for both strategic and tactical gains.” “Australian organizations typically possess vast amounts of data, making them an attractive target for such initiatives.”
State-sponsored attackers employ a range of tactics to compromise targeted networks and systems. These include phishing emails with malicious attachments or links designed to trick users into divulging sensitive information, exploitation of known vulnerabilities in software and applications, use of compromised insider accounts to gain access, and deployment of malware such as Trojans, backdoors, and keyloggers.
According to Walsh, China-backed entities such as Salt Hurricane pose a superior and persistent threat. Unlike traditional ransomware groups seeking immediate financial gain, these actors prioritize gaining access to the sensitive core components of critical infrastructure – including telecommunications networks – for espionage purposes and potentially destructive activities.
“Their attacks aren’t about locking up systems for a quick buck,” Walsh said. Instead, these covert, state-backed operations use sophisticated tactics to infiltrate critical infrastructure undetected, often remaining dormant for years, poised to steal sensitive data and potentially disrupt assets during any future conflict with Australia.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to defense teams regarding the widespread tactics employed by state-sponsored threat actors.
Supply chain compromises
According to the ASD, cyber supply chain threats pose a critical concern for organisations, which need to integrate robust supply chain risk management into their overall cyber security strategy.
Living off the land methods
One reason state-sponsored actors are notoriously difficult to detect is that they leverage “built-in network administration tools” to blend in with normal system and network activity, so-called “living off the land” tactics, which allow them to exfiltrate sensitive data from an organisation’s network without tripping conventional alerts.
Cloud methods
As organisations increasingly migrate to cloud-based infrastructure, state-sponsored threat actors are quick to exploit the new opportunities presented by this shift, adapting their tactics to infiltrate and extract sensitive data from cloud environments. In the methods cited by the ASD, attackers target organisations’ cloud services, using brute-force attacks and password spraying to gain access to highly privileged service accounts.
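As an added illustration of the password-spraying pattern the ASD describes (example code written for this article, not from the advisory), the following Python flags a source that fails sign-ins against many distinct accounts within a short window while making few attempts per account; the log format, IP addresses and account names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: "<timestamp> <result> user=<name> src=<ip>".
# 203.0.113.9 fails once against each of five service accounts (spray shape);
# 198.51.100.7 is one user mistyping a password three times (not a spray).
SAMPLE_LOG = """\
2024-12-04T09:00:01Z FAIL user=svc-backup src=203.0.113.9
2024-12-04T09:00:03Z FAIL user=svc-deploy src=203.0.113.9
2024-12-04T09:00:05Z FAIL user=svc-monitor src=203.0.113.9
2024-12-04T09:00:07Z FAIL user=svc-billing src=203.0.113.9
2024-12-04T09:00:09Z FAIL user=svc-ci src=203.0.113.9
2024-12-04T09:00:11Z OK user=svc-ci src=203.0.113.9
2024-12-04T09:00:02Z FAIL user=alice src=198.51.100.7
2024-12-04T09:00:20Z FAIL user=alice src=198.51.100.7
2024-12-04T09:00:40Z FAIL user=alice src=198.51.100.7
2024-12-04T09:01:00Z OK user=alice src=198.51.100.7
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source IP)."""
    ts, result, user, src = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_spray(log, window=timedelta(minutes=5), min_accounts=5, max_per_account=2):
    """Return {src: {"accounts": [...], "compromised": [...]}} for spraying sources.

    A spray tries one or two passwords against many accounts: a source qualifies
    when >= min_accounts distinct users fail inside `window` with <= max_per_account
    failures each. One user failing many times (brute force or typo) does not match.
    """
    fails, successes = defaultdict(list), defaultdict(set)
    for line in log.strip().splitlines():
        ts, result, user, src = parse(line)
        if result == "FAIL":
            fails[src].append((ts, user))
        else:
            successes[src].add(user)   # later success from a spraying source = triage priority
    findings = {}
    for src, events in fails.items():
        events.sort()
        start = events[0][0]
        per_user = defaultdict(int)
        for ts, user in events:
            if ts - start <= window:
                per_user[user] += 1
        if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
            findings[src] = {"accounts": sorted(per_user),
                             "compromised": sorted(successes[src] & set(per_user))}
    return findings
```

Running `detect_spray(SAMPLE_LOG)` flags only 203.0.113.9 and lists svc-ci as the account that later signed in successfully from that source.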
Defending against these threats requires a multifaceted, proactive approach: identifying vulnerabilities, monitoring networks and systems, and responding quickly to potential attacks.
The tactics threat actors employ and the weaknesses they target overlap considerably. The ASD also notes that state-sponsored cyber actors leverage previously stolen information, including network data and credentials gathered in earlier breaches, to augment their operations and re-exploit vulnerable network devices.
Despite these threats, companies can take effective steps to safeguard themselves. Twelve months ago, we explored strategies for companies to protect themselves against prevalent cyber threats, including zero-day attacks, ransomware, and deepfakes. The recommendations included keeping software up to date, deploying endpoint security measures, and developing an incident response plan.