Cyber-attack Australia: sophisticated attacks from ‘state-based actor’, PM says

Security experts say China, Russia and North Korea are the only countries that fit Australian prime minister Scott Morrison’s description of culprit

A wide range of political and private-sector organisations in Australia have come under cyber-attack carried out by a “sophisticated state-based cyber-actor”, the Australian government has revealed.

Scott Morrison, the prime minister, disclosed the far-reaching attacks at a media conference in Canberra on Friday, while the defence minister, Linda Reynolds, declared that malicious cyber-activity was “increasing in frequency, scale, in sophistication and in its impact”.

The government did not say which country it believed was responsible, except to say it was “a state-based actor, with very significant capabilities”.

The prime minister declined to respond to a specific question about whether it was China, after months of tensions in its relationship with Australia, but security experts later said they believed it, Russia and North Korea were the only countries that fell within Morrison’s description.

“I’m here today to advise you that, based on advice provided to me by our cyber-experts, Australian organisations are currently being targeted by a sophisticated state-based cyber-actor,” Morrison told reporters.

“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

“We know it is a sophisticated state-based cyber-actor because of the scale and nature of the targeting and the tradecraft used. The Australian government is aware of and alert to the threat of cyber-attacks.”

The government’s Australian Cyber Security Centre (ACSC) issued advice on Friday on the techniques used in the attacks, which it described under the banner “copy-paste compromises” because the attacker had copied heavily from open-source code.

The ACSC said the attacker had attempted to exploit public-facing infrastructure. But when that did not succeed, the attacker used personalised “spearphishing” techniques, including sending targets links to malicious files and websites aimed at harvesting passwords.

Morrison said the activity was “not new” but the frequency had been increasing “over many months”. He said investigations conducted so far had not revealed any “large-scale personal data breaches” of Australians’ private information. Cybersecurity, he added, had been “a constant issue for Australia to deal with”.

The prime minister said Australia was working closely with its allies and partners to manage cyber threats. He had spoken with his British counterpart, Boris Johnson, about the issue on Thursday night.

Morrison said the government was speaking publicly about the issue not to raise concerns but to raise awareness. He encouraged organisations, particularly those in health critical infrastructure and essential services, to “implement technical defences to thwart this malicious cyber-activity”.

The prime minister declined to name, at this stage, which country was believed to be responsible. He said the threshold of evidence to attribute an attack to a particular country publicly was “extremely high” and it would only ever be done in line with Australia’s strategic national interests.

At a regular press briefing on Friday, foreign ministry spokesman Zhao Lijian denied the claims as “baseless” and said that China is a “staunch defender of cyber security” and “firmly opposed all forms of cyber attacks.”

China is a staunch defender of cybersecurity and one of the biggest victims of cyber attacks. We have always resolutely opposed and cracked down on all forms of cyber attacks. Our position has been consistent and clear.”

Also, in response to a question about reports of Australian lobbying against an inquiry in police brutality in the US at the UN Human Rights Council, Zhao Lijian said those actions “once again show the hypocrisy of some people in Australia,” as well as their “undisguised double standards international affairs and unprincipled political manipulation.”

Peter Jennings, head of the Australian Strategic Policy Institute and a former senior defence official, said China, Russia and North Korea had sophisticated cyber-capabilities, but it was important to factor in motive, intent and purpose.

“There is one country that has the skill, depth of capacity and a real motive to want to do it and that is China,” Jennings told Guardian Australia.

Jennings said he believed the government was raising the matter publicly without naming China in an attempt to send a signal to Beijing to moderate its behaviour after recent tensions.

Morrison said the government would release a new cybersecurity strategy in the coming months and that would include significant further funding to strengthen defences.

He said the ACSC had been briefing Australian states and territories and working with targeted organisations to ensure their defences were appropriately raised.

The defence minister said increasingly sophisticated malicious cyber-activity harmed Australia’s national security and economic interests. Reynoldsurged all Australian organisations to be alert to the threat and protect their networks.

The government briefed the office of the opposition leader, Anthony Albanese, on Thursday evening.

Last year Reuters reported that Australia had intelligence that determined China was responsible for a cyber-attack on parliament and the three largest political parties before the May 2019 federal election, citing five sources with direct knowledge.


Daniel Hurst in Canberra

The GuardianTramp

Related Content

Article image
Australia's major political parties targeted by 'sophisticated state actor', PM says
Scott Morrison says Liberals, Labor and Nationals affected by ‘malicious’ cyber activity

Katharine Murphy Political editor

18, Feb, 2019 @2:48 AM

Article image
Peter Dutton confirms Australia could spy on its own citizens under cybersecurity plan
Australian Signals Directorate will for the first time be able to identify suspects on home soil

Paul Karp

06, Aug, 2020 @6:10 AM

Article image
Labor accuses Malcolm Turnbull of putting politics ahead of cyber security
Prime minister says Labor, Nick Xenophon and Greens were all invited to a briefing, but they have no record of this and only found out through the media

Gabrielle Chan

24, Jan, 2017 @1:50 AM

Article image
EU to run war games to prepare for Russian and Chinese cyber-attacks
Ministers to be put in fictional scenarios after series of hacking incidents

Daniel Boffey in Helsinki

27, Jun, 2019 @12:48 PM

Article image
More government action needed on cyberattacks against Australia, including penalties
Prime minister’s comments about previous attack ‘incredibly useful’, but messaging needs to be consistent, advisory panel says

Josh Taylor

21, Jul, 2020 @7:06 AM

Article image
Private sector must join battle against cyber-attacks, says Hammond
National Cyber Security Centre to be formally opened as chancellor warns of sophisticated and severe attacks

14, Feb, 2017 @12:01 AM

Article image
Study reveals North Korean cyber-espionage has reached new heights
Spying unit is widening its operations into aerospace and defence industries, according to US security firm

David Taylor in New York

20, Feb, 2018 @12:31 PM

Article image
Australia joins US and UK in blaming Russian-backed hackers for cyber-attacks
No indication that Australian information was compromised in ‘malicious’ August offensive

Anne Davies

17, Apr, 2018 @12:56 AM

Article image
Russia accused of cyber-attack on chemical weapons watchdog
Netherlands expelled four GRU officers after alleged attacks on OPCW and UK Foreign Office

Pippa Crerar, Jon Henley and Patrick Wintour

04, Oct, 2018 @2:48 PM

Article image
UK accuses Kremlin of ordering series of 'reckless' cyber-attacks
Foreign Office increases pressure on Russia after Skripal poisoning

Patrick Wintour Diplomatic editor

03, Oct, 2018 @11:01 PM