Australia’s government cybersecurity agency on Tuesday accused a China-backed hacker group of stealing passwords and usernames from two unnamed Australian networks in 2022, adding that the group remained a threat.

A joint report led by the Australian Cyber Security Centre said the hackers, named APT40, had conducted malicious cyber operations for China’s Ministry of State Security, the main agency overlooking foreign intelligence.

“The activity and techniques overlap with the groups tracked as Advanced Persistent Threat (APT) 40,” said the report, which included inputs from lead cyber security agencies for the United States, Britain, Canada, New Zealand, Japan, South Korea and Germany.

China’s embassy in Australia did not immediately respond to a request seeking comment.