The Australian Signals Directorate and the Australian Cyber Security Centre are sounding the alarm. They’ve teamed up with cybersecurity experts from the U.S., Canada, and New Zealand to warn local tech professionals about Chinese-affiliated threat actors, notably Salt Typhoon, targeting critical communications infrastructure.
This warning follows the ASD’s Annual Cyber Threat Report for 2023-2024, highlighting that state-sponsored cyber actors have been relentlessly going after Australian governments, vital infrastructure, and businesses. They’re using increasingly sophisticated methods.
So, who is Salt Typhoon? Recently, the U.S. revealed that this China-linked group breached networks of at least eight telecommunications providers in the U.S. as part of a significant cyber espionage effort. The threat isn’t confined to the U.S.; it’s a global issue.
While Australian officials haven’t confirmed any breaches of local telecom companies by Salt Typhoon, Grant Walsh from cybersecurity firm CyberCX believes that if the ACSC is providing detailed warnings, the risk must be substantial. He pointed out that Australia’s telecom networks are equipped with some of the best cyber defenses, but the global threat landscape remains challenging. Telecommunications networks are prime targets for determined state-sponsored cyber espionage, particularly from groups tied to China.
Over the last year, the ASD has issued several joint advisories with international partners about the shifting tactics of state-sponsored cyber actors, especially those connected to China. In February 2024, the ASD joined the U.S. and others in releasing a warning that China-sponsored actors aim to position themselves on vital information and communications technology networks, potentially to conduct disruptive attacks during a crisis.
The ASD noted that Australian infrastructure could be just as vulnerable to these threats as U.S. networks. These actors pursue state interests through espionage, influence, and attempts to position themselves for disruptive operations.
The ASD’s annual cyber report indicated that China’s targeting patterns suggest a strategy focused more on creating disruptive impacts than on traditional espionage. However, there’s still a strong interest in gathering sensitive information and intellectual property from Australian organizations, which hold vast amounts of data.
State-sponsored attackers, like Salt Typhoon, are often labeled as “advanced persistent threat actors.” They’re not chasing quick profits like ransomware groups. Instead, they aim for long-term access to the sensitive parts of essential infrastructure, targeting telecommunications for espionage or potentially destructive purposes.
Walsh described their tactics as covert and sophisticated, designed to infiltrate critical infrastructure and remain undetected for lengthy periods. They might lie in wait to collect sensitive information or disrupt services in the event of a future conflict.
The ASD pointed out several common techniques used by these state-sponsored attackers. They often exploit supply chain vulnerabilities, making cyber supply chain risk management a key part of any cybersecurity strategy.
Another challenge is their use of “living off the land” techniques—taking advantage of existing network tools to achieve their goals while blending in with everyday operations. This stealthy approach complicates efforts to identify their activities as they bide their time.
As companies shift to cloud-based infrastructures, threat actors are adapting their methods to exploit these systems, using tactics like brute-force attacks to gain access to critical accounts.
While the landscape is complex, businesses can take steps to defend themselves against cyber threats. Updating software regularly, implementing endpoint security measures, and creating a solid incident response plan are key ways firms can bolster their defenses.