Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
According to the Annual Cyber Threat Report 2024–2025, the line between the tactics and techniques used by nation-state actors and financially motivated hackers is growing increasingly thin.
One of the key takeaways from the Annual Cyber Threat Report 2024-2025, released on 14 October by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), is the complex relationship between hackers sponsored by powerful nation states and cyber criminals motivated purely by financial gain.
The report highlights activity by a threat actor backed by the People’s Republic of China (PRC), tracked as Kryptonite Panda, Gingham Typhoon, and Leviathan, among others, depending on which cyber security company is investigating them.
“APT40 regularly conducts malicious activities against Australian and regional networks that possess information of value to the PRC,” the ACSC said in its report.
“These activities represent a security threat to many government and critical infrastructure networks.”
However, many of the tactics used by state-backed hackers are taken straight out of the criminal playbook, a move that requires network defenders to develop model tactics of their own.
“It’s becoming increasingly clear that the boundary between state-sponsored and criminal cyber threat actors is blurring. Today’s attackers rely on the same tactics, techniques, and tools, regardless of whether their goal is espionage, extortion, or disruption. This convergence demands a new approach to defence, with threat intelligence and incident response forming the foundation of every cyber strategy,” Tony Campbell, director of enterprise security at Kinetic IT, told Cyber Daily.
“The advice from the Australian Cyber Security Centre on how organisations should shore up their defences has remained consistent this year, and for good reason. Strong intercept-resistant multifactor authentication, unique passwords, regularly tested backups, and timely patching are critical. The ACSC’s data again shows that these fundamental cyber hygiene measures prevent most incidents, yet many companies continue to leave themselves exposed.”
Campbell also noted that tools powered by artificial intelligence are becoming more common in the hacking community, particularly among less sophisticated actors.
“Even less advanced cyber criminals are now using AI to automate phishing campaigns, analyse stolen data, and coordinate denial-of-service attacks. To counter this growing threat, organisations must invest in research and innovation focused on defending against AI-enabled attacks. This includes implementing adaptive, intelligent security controls capable of evolving alongside the technologies they are designed to stop,” Campbell said.
However, despite the risk of nation-state hackers intruding into Australian networks in search of sensitive data, ransomware operators remain one of the most prominent threats to Australian organisations.
“Ransomware remains the most disruptive and costly cyber threat to Australian companies, with the average cost to large businesses rising by 219 per cent. The risk is not only financial but also reputational and operational,” Campbell said.
“As ransomware groups increasingly target critical operational technology systems, Australia must focus on building resilience at a national level to ensure continuity and trust across essential services.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
