China’s wild ‘disinformation campaign’ claim against Five Eyes Alliance
China has hit out at Australia and its closest intelligence allies on the world stage in a sensational “disinformation” campaign.
Beijing has hit out at Australia and its security allies after Chinese Communist Party-backed hackers were identified as responsible for cyber attacks on “critical infrastructure” in the United States.
A joint Cybersecurity Advisory was issued by the Five Eyes Alliance – comprised of Australia, the US, the UK, New Zealand and Canada – and Microsoft following a “recently discovered cluster of activity of interest” associated with China’s state-sponsored hacking group Volt Typhoon.
The document warned Volt Typhoon used a “living off the land attack” – a tactic that exploits legitimate tools within online systems rather than malware – to hack critical organisations, including telecommunications and transportation hubs, in the States and its territory of Guam, a critical military outpost.
But Chinese foreign ministry spokeswoman Mao Ning rejected the report, calling it a “collective disinformation campaign” from the “empire of hacking”.
“This has been a collective disinformation campaign launched by the US through the Five Eyes to serve its geopolitical agenda,” Ms Mao told reporters on Thursday.
“It’s widely known that the Five Eyes is the world’s biggest intelligence association and the NSA [US National Security Agency] the world’s biggest hacking group. It is ironic that the Five Eyes jointly released a report filled with disinformation.”
Ms Mao said the report had a “serious lack of evidence and is extremely unprofessional” and that including Microsoft in it showed the use of non-government channels to “spread disinformation”.
The outburst came after the NSA said it was working with its Five Eyes security agencies – including the Australian Cyber Security Centre, which sits within the Australian Signals Directorate – to identify breaches by Volt Typhoon, which Microsoft blamed for a number of attacks in the States.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the company said.
It said this attack targeted communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors with the aim to “perform espionage and maintain access without being detected for as long as possible”.
The joint Five Eyes report, released on Wednesday, said Volt Typhoon avoided detection by “blending in with normal Windows system and network activities”.
It said the hackers used compromised credentials to gain access to the organisations for espionage and information gathering.
And, although analysts could not immediately determine the full capabilities of the “living off the land” technique, the joint Five Eyes report warned Volt Typhoon “could apply the same techniques against these and other sectors worldwide”.
Minister for Home Affairs and Cyber Security Claire O’Neil supported the work of the advisory, saying it demonstrated that protecting Australians from “cyber attack is more important than it’s ever been”.
In an interview ABC Radio, Ms O’Neil dismissed concerns Australia being attached to the report would hinder the Albanese government’s efforts to repair diplomatic relations with China.
She said the government would not shy away from identifying bad actors, especially when “we have the evidence before us”.
“The Australian Government is never going to compromise on our national security, and this activity should not be occurring. There is no question about that. And we’re not going to be shy when we know who is responsible for that activity,” Ms O’Neil said.
“It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face and that’s why we’ve joined the advisory.”
Opposition spokesman for cyber security James Paterson also welcomed the report identifying “this malign cyber behaviour”, but said Australia needed to be tougher on China.
While public attribution is a welcome first step, we must do more to deter this malign cyber activity. Magnitsky cyber sanctions allow Australia to directly penalise those engaged in these attacks on our infrastructure. Itâs time the Albanese govt used them https://t.co/SJeb0hHXwK
— James Paterson (@SenPaterson) May 24, 2023
“While public attribution is a welcome first step, we must do more to deter this malign cyber activity,” he tweeted on Thursday.
“Magnitsky cyber sanctions allow Australia to directly penalise those engaged in these attacks on our infrastructure. It’s time the Albanese [government] used them.”
This is not the first time Beijing has hit back at America and its allies for blaming China for massive hacks.
In September, Australia faced criticism for joining other nations’ identifying China as responsible for the hack of Microsoft Exchange.