PRC MSS tradecraft in action


12:00am, 9 July 2024

TLP Rating: Clear

The National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners to release an advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks. 

Authoring agencies include the:

  • ASD’s ACSC, 
  • United States Cybersecurity and Infrastructure Security Agency (CISA), 
  • United States National Security Agency (NSA),
  • United States Federal Bureau of Investigation (FBI),
  • United Kingdom National Cyber Security Centre (NCSC-UK), 
  • Canadian Centre for Cyber Security (CCCS), 
  • German Federal Intelligence Service (BND), 
  • Federal Office for the Protection of the Constitution (BfV), 
  • Korean National Intelligence Service (NIS),
  • Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), and
  • National Police Agency (NPA).

The advisory draws on the authoring agencies’ shared understanding of the threat and ASD’s ACSC incident response investigations.

 

What's happening

Systems affected

APT40 is conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets. The group uses compromised infrastructure, including small-office/home-office (SOHO) devices, as operational infrastructure to launch attacks that blend in with legitimate traffic and challenge network defenders. 

This regular reconnaissance allows them to identify vulnerable, end-of-life, or unmaintained devices on networks of interest, and rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities where systems remain unpatched.

What this means

As New Zealand organisations often use similar technology and systems to those used in Australia, the NCSC is alerting local organisations to this type of activity so they can take steps to defend against it.  

This is not the first time this cyber actor and similar activity have been flagged to New Zealand operators. In March, Minister Collins, the Minister responsible for the GCSB, publicly attributed malicious cyber activity affecting New Zealand Government agencies to this same cyber actor, APT40. The authoring agencies understand this actor is associated with the PRC Ministry of State Security (MSS).

What to look for

How to tell if you're at risk

The NCSC encourages organisations to review the scenarios outlined in the advisory’s case studies to understand how the actor employs their tools and tradecraft, and to take steps to defend against them. 

What to do

Prevention

The NCSC encourages organisations to review the tradecraft outlined in the advisory and apply the detection and mitigation recommendations.

More information

If you have any questions about this advisory, contact the NCSC by email: info@ncsc.govt.nz.

APT advisory: PRC MSS tradecraft in action [PDF, 2.9 MB]