{
	"id": "3fc81f6c-4ac3-4d04-93cc-45e8de8843cd",
	"created_at": "2026-04-06T00:22:16.804559Z",
	"updated_at": "2026-04-10T03:30:45.521509Z",
	"deleted_at": null,
	"sha1_hash": "29fa9ecd5c75629c8c994cb06deccf8d55b54d81",
	"title": "Chinese hackers targeting Australian law firms, an industry specialist warns",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 569561,
	"plain_text": "Chinese hackers targeting Australian law firms, an industry\r\nspecialist warns\r\nBy Henry Belot\r\nPublished: 2017-11-30 · Archived: 2026-04-05 21:45:43 UTC\r\nChinese hackers are attacking Australian law firms that hold sensitive commercial information and have\r\nsuccessfully hacked a research body, an industry specialist has warned.\r\nKey points:\r\nExperts say threat of cyber espionage in the commercial world is high\r\nAn Australian research and development body was targeted by Chinese hackers\r\nThe origin of Chinese hackers remains unclear\r\nThe Chinese espionage group known as the Codoso team or APT-19 has been causing havoc internationally but is\r\nturning its attention to Australia.\r\nThe Australian Crime Commission's former cyber security manager, Tim Wellsmore, said any information\r\nobtained would likely be passed to Chinese companies.\r\nLaw firms hold confidential information that could give the companies inside knowledge ahead of business\r\nnegotiations, mergers and acquisitions.\r\nIn some cases, these firms are seen as weak links as they have not taken cyber security as seriously as some of\r\ntheir clients.\r\nMr Wellsmore, who is now Director of Asia/Pacific Threat Intelligence for private security firm FireEye, said\r\nAPT-19's origins remained unclear.\r\n\"Sometimes it is tricky to understand whether they are sitting there in uniforms working directly for the Chinese\r\nGovernment, or if they are sponsored and given resources but operate outside the Government hierarchy,\" he told\r\nthe ABC.\r\n\"APT-19 is certainly acting in support of Chinese state interests but at this stage we have not been able\r\nto attribute them to serving members of the Chinese Government.\"\r\nFireEye observed at least seven phishing attacks directed at global law firms during May and June, some of which\r\nexploited vulnerabilities in Microsoft software.\r\nA spokesman for the Department of the Prime Minister and Cabinet, which leads the 
Government's response to\r\ncybercrime, said hackers knew there was a low risk of being identified.\r\n\"[We] advise organisations to always think about the value of their data, know who has access to their data, know\r\nwhere their data is stored and review the protections in place to best secure their data,\" the spokesman said.\r\nThe department did not respond to questions about whether APT-19 had compromised any sensitive information.\r\nAustralian research body also hacked\r\nMr Wellsmore said his company had confirmed a Chinese attack on an Australian research and development body,\r\nbut he would not say which one.\r\n\"We have been involved in attacks in 2017 by the Chinese on research bodies within Australia and we continue to\r\nthink this will be a focus for the Chinese in years to come,\" he said.\r\n\"There is a lot of research that would put them at a strategic advantage.\"\r\nThe Australian Cyber Security Centre report found espionage activity was likely to focus on a country's gaps in\r\ntechnology or know-how.\r\nFergus Hanson, head of cyber policy at the Australian Strategic Policy Institute, said disclosing Chinese attacks\r\nmay encourage criminals to improve their methods.\r\n\"In terms of sectors being targeted, I don't have a bird's-eye view, but I'd assume anything that lined up with\r\nChina's interests — mining, energy defence or companies that would lead to them, such as law firms and\r\nsuppliers,\" Mr Hanson said.\r\nAPT-19 has 'global reach'\r\nGreg Austin, a professor at the Australian Centre for Cyber Security at UNSW, said he was not surprised the group\r\nwas targeting Australian 
companies.\r\n\"APT-19 has a global reach and its targeting may well be 'automated' so it would not be targeting Australian firms\r\nuniquely,\" he said.\r\n\"In such cases, it is inevitable that some Australian firms get caught up.\r\n\"The threat of cyber espionage in the commercial world globally is very high because most firms\r\npresent easy targets.\"\r\nProfessor Austin said many Chinese cyber criminals were not connected to the Chinese Government.\r\n\"Statistics on Chinese arrests of cyber criminals are staggering — tens of thousands of arrests each year, and\r\nhundreds of criminal gangs using cyber attack,\" he told the ABC.\r\n\"It is the only country with such a high number of reported arrests for cyber crime.\"\r\nSource: https://www.abc.net.au/news/2017-12-01/chinese-hackers-targeting-australian-law-firms/9213520",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.abc.net.au/news/2017-12-01/chinese-hackers-targeting-australian-law-firms/9213520"
	],
	"report_names": [
		"9213520"
	],
	"threat_actors": [
		{
			"id": "1f3cf3d1-4764-4158-a216-dd6352e671bb",
			"created_at": "2022-10-25T15:50:23.837615Z",
			"updated_at": "2026-04-10T02:00:05.322197Z",
			"deleted_at": null,
			"main_name": "APT19",
			"aliases": [
				"APT19",
				"Codoso",
				"C0d0so0",
				"Codoso Team",
				"Sunshop Group"
			],
			"source_name": "MITRE:APT19",
			"tools": [
				"Cobalt Strike"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "0639667a-fb3f-43d9-a38c-6c123fd19c7f",
			"created_at": "2022-10-25T16:07:23.335869Z",
			"updated_at": "2026-04-10T02:00:04.547702Z",
			"deleted_at": null,
			"main_name": "APT 19",
			"aliases": [
				"APT 19",
				"Bronze Firestone",
				"C0d0so0",
				"Checkered Typhoon",
				"Codoso",
				"Deep Panda",
				"G0009",
				"G0073",
				"Operation Kingslayer",
				"Red Pegasus",
				"Sunshop Group",
				"TG-3551"
			],
			"source_name": "ETDA:APT 19",
			"tools": [
				"Agentemis",
				"C0d0so0",
				"Cobalt Strike",
				"CobaltStrike",
				"Derusbi",
				"EmPyre",
				"EmpireProject",
				"Fire Chili",
				"PowerShell Empire",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "46a151bd-e4c2-46f9-aee9-ee6942b01098",
			"created_at": "2023-01-06T13:46:38.288168Z",
			"updated_at": "2026-04-10T02:00:02.911919Z",
			"deleted_at": null,
			"main_name": "APT19",
			"aliases": [
				"DEEP PANDA",
				"Codoso",
				"KungFu Kittens",
				"Group 13",
				"G0009",
				"G0073",
				"Checkered Typhoon",
				"Black Vine",
				"TEMP.Avengers",
				"PinkPanther",
				"Shell Crew",
				"BRONZE FIRESTONE",
				"Sunshop Group"
			],
			"source_name": "MISPGALAXY:APT19",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434936,
	"ts_updated_at": 1775791845,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/29fa9ecd5c75629c8c994cb06deccf8d55b54d81.pdf",
		"text": "https://archive.orkl.eu/29fa9ecd5c75629c8c994cb06deccf8d55b54d81.txt",
		"img": "https://archive.orkl.eu/29fa9ecd5c75629c8c994cb06deccf8d55b54d81.jpg"
	}
}