Computer security firm CyberCX, headed by former national cyber security adviser Alastair MacGibbon, published an 12-page investigation into the leak on Monday, revealing its contents were “intended to influence Australian politics”.

Defence experts said “China would be at the top of the list” of suspects behind the leak that appeared to target the Coalition, which established offshore processing in Nauru in 2012.

The report, which has been reviewed by Australian Federal Police, said CyberCX researchers found “anomalies in the leaker’s activities that warrant scepticism about their motivations,” and experts had “high confidence” the leak did not come from the hacking group Anonymous as had been claimed.

The leak of internal emails within the Nauru Police Force occurred on May 2 — less than three weeks before polling day — and saw more than 285,000 files from 126 email addresses leaked to a relatively untested whistleblower website, Enlace Hacktivista.

The leaked emails also came with a 954-word manifesto but CyberCX researchers found 60 per cent of it was “copied verbatim from other sources” and did not refer to content from the leaked communications.

The manifesto also discussed issues from October 2021 — an indication whoever stole the information may have been sitting on the data for months, waiting for a politically damaging moment, the report found.

The leaked internal emails revealed high rates and threats of self-harm among refugees and asylum seekers, and a seemingly careless attitude from the police, with one referring to a “drama detainee”.

Australian Strategic Policy Institute former executive director Peter Jennings said there was a short list of nation states that could be behind the attack but “China would be at the top of the list”.

“With most major sophisticated hacks that we’ve seen in Australia, the first obvious suspect is going to be the People’s Republic of China,” he said.

“My way of thinking about these things is it’s like a murder mystery — you have to look for a combination of means and motive and only China has the means and the motive to want to do damage to Australia in the context of an election campaign.”

Mr Jennings said the CyberCX report appeared to be a “credible case” of foreign interference by China, and an attempt to damage Australia’s reputation among Pacific Island nations after its recent deal with the Solomon Islands.

Despite the report’s damning findings, CyberCX said it had not identified a “direct” link to a foreign country.

“Nation-state actors have an established history of using hacktivist cover to influence public discourse about controversial and political events, including in election contexts,” the report said.

“This heightens the need to expose all claimed hacktivist activity to objective scrutiny and to understand the motivations, and identities, of hack and leak threat actors.”

The hack targeting an Australian election comes after several attempts to infiltrate the nation’s tech defences, many believed to come from China.

Western Australia’s parliamentary email system was hacked in March last year by suspected Chinese hackers, while the federal parliamentary email system was also disrupted in an online strike the same month.

A foreign attacker also installed malware in the federal parliamentary email system in March 2019.

More Coverage

‘Aggressive act’: Chinese spy ship spotted off Australia

Clare Armstrong, Andrew Koubaridis, Natalie O’Brien