The sophisticated exploits and weaponisation of Australia’s cloud-based systems by “China-nexus adversaries”, including the Chinese Communist Party and North Korea-backed hackers, were revealed by US-based global cyber security company CrowdStrike.

In the past year, shadowy groups targeted nearly all 39 global industry sectors and 10 across Australia and New Zealand, including energy, academia, nuclear, government, telecommunications, healthcare, finance, manufacturing, aerospace, and NGOs.

“Further, the AUKUS agreement between Australia, the UK and the US has been in the crosshairs of Australia’s cybersecurity adversaries since it was announced,” CrowdStrike Adam Meyers, SVP of Intelligence at CrowdStrike, told News Corp Australia.

“Attempted cyber attacks by both North Korea and China have been identified by CrowdStrike Intelligence highlighting how geopolitical tensions are fuelling the cybersecurity impact China has over the region.”

In the past year, 33 new hacking groups were detected to raise the number of shady eCrime groups known operating globally to more than 200, including the “China-nexus” groups targeting Australia: Sunrise Panda and Phantom Panda in China, and Velvet Chollima, Ricochet Chollima, Labyrinth Chollima, Stardust Chollima, and Chollima in North Korea.

Two-thirds of the China-nexus hackers targeted Asia Pacific and Japan, where the largest focus of the groups was placed.

Three-quarters of the targets were in Oceania (Australia, New Zealand, and Papua New Guinea), as well as Africa and South America. Only one-quarter of their efforts were focused on North America and Europe, the report said.

It comes as another cyber security firm, Proofpoint, released its 2023 “State of the Phish” report found that 90 per cent of organisations paid a “ransom” to hackers despite the practice encouraging more phishing and ransomware attacks.

The federal government this week announced plans to overhaul cyber security rules and establish an agency to oversee funding and co-ordination of cyber attack responses. The new role of Co-ordinator for Cyber Security would be established under the National Office for Cyber Security in the Home Affairs department.

Prime Minister Anthony Albanese, announcing the plans at a Cyber Security Roundtable in Sydney, said government policies, business systems and capacity to deal with hackers as a nation “are simply not at the level we need them to be”.

“We, of course, are conscious as a Government as well about state-sponsored attacks, which are increasingly prevalent, from stealing classified information to cyber criminal acts aimed at seeking to secure some profit, or in some cases, ransomware attacks, which are increasingly prevalent as well,” he said.

“This is really fast-moving. It’s a rapidly evolving threat, and for too many years Australia has been off the pace,” he added.

The push for cyber security reform comes after high-profile breaches of customer data at Medibank Private, Optus and Singapore Telecommunications in the past year.

The “supply chain” compromises that breached some of the companies were made famous by the hack of US firm SolarWinds, in which malware targeted a third party with access to more than 30,000 public and private organisations.

CrowdStrike, one of the first to identify the SolarWinds compromise by suspected Russian hackers, said tactics have continued to grow more sophisticated and have moved beyond the ransomware attacks that terrorised Australia in 2022.

“The past 12 months brought a unique combination of threats to the forefront of security. Splintered eCrime groups re-emerged with greater sophistication, relentless threat actors sidestepped patched or mitigated vulnerabilities, and the feared threats of the Russia-Ukraine conflict masked more sinister and successful traction by a growing number of China-nexus adversaries,” CrowdStrike’s head of intelligence Adam Meyers said.

“Today’s threat actors are smarter, more sophisticated, and more well-resourced than they have ever been in the history of cybersecurity.”

That includes the suspected “Panda” hackers of the China-nexus that have become “could conscious”, including the newly-identified “Ethereal Panda”. The China-based actor has been active since at least 2021 and primarily focused on academics, technology and telecommunications in Taiwan.

According to CrowdStrike, there is growing evidence that the “Panda” and “Chollima” hacker groups of China and North Korea are leveraging new cloud infrastructure being widely adopted across businesses and government.

More Coverage

Chinese ‘spy buoys’ found targeting nuclear subs

Justin Vallejo

Australia’s next move against China

Justin Vallejo

Originally published as China hack attacks on Australia after AUKUS nuclear subs deal ‘significantly increased’, experts reveal