ASD Publishes Joint Advisory on China PRC Operations - 20250829002

Overview

The Australian Signals Directorate (ASD) has issued a joint advisory stating that state-sponsored cyber threat actors from the People’s Republic of China (PRC) are conducting global cyberattacks.

These attacks target sectors such as telecommunications, government, transportation, lodging, and military infrastructure. The threat actors focus on compromising large backbone routers and edge devices, using infected systems and trusted connections to infiltrate networks. They often alter router settings to maintain persistent access.

What has been observed?

The threat actors from the People’s Republic of China (PRC) operations coincide with recognised cyber threat organisations tracked in the cybersecurity sector under names such as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor, which are collectively referred to as "Advanced Persistent Threat (APT) actors. The APT actions have been observed in Australia, as well as in other nations globally.

Recommendation

The WASOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices.

• ASD Advisory: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/countering-chinese-state-sponsored-actors-compromise-of-networks-worldwide-to-feed-global-espionage-system