Warnings about Huawei have swirled for years with the US Government saying it posed a national security threat and Australia also blocking the company from bidding for the National Broadband Network (NBN) — one of the key decisions that saw its relationship with China begin to sour.

Until now it was unclear what the exact nature of the concerns were.

A Bloomberg News investigation has revealed a reported breach of Australia’s telecommunications system was communicated to the US in 2012.

It claims the breach started with a software update from Huawei that was “loaded with malicious code” and installed on the Optus network — something that both telcos deny.

The code reportedly operated like a “digital wiretap” to record all data including “private communications and information that could be used to target specific people” passing through it, before the data was sent to China.

It’s unclear what the data was used for.

The code apparently deleted itself after a few days but Australian intelligence agencies determined China’s spy services were behind the breach.

Led by Australia’s information, officials told Bloomberg that American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the US.

China’s Ministry of Foreign Affairs said in a statement to Bloomberg that the country “opposes and would crack down on any forms of cyberattack and internet espionage activities in accordance with the law, not to mention refraining from encouraging, supporting or conspiring with hacking attacks”.

“Australia’s slander on China carrying out cyberattacks and espionage penetration are purely a move like a thief crying to catch a thief. This kind of arbitrary smear on another county is an extremely irresponsible action that China firmly opposes,” the ministry said.

“We urge Australia not to abuse the name of ‘national security’ and put groundless accusations and unreasonable pressures on Huawei and other Chinese companies.”

In a statement to news.com.au, an Australian Cyber Security Centre spokesperson

“In relation to the government’s decision to bar high risk vendors from participating in Australia’s 5G networks, this was informed by the Australian Signal Directorate’s technical expertise, its knowledge of malicious state-based actor capabilities, and based on intelligence insights,” the spokesperson said.

“Whenever the ASD discovers a cyber incident affecting an entity, it engages the relevant entity to provide advice and assistance.

“The ASD’s assistance is confidential - it is a matter for relevant entities to comment publicly on any cyber security incident.

“The ASD regularly shares lessons learnt from cyber incidents, including potential vulnerabilities, with our partners to allow them to better protect themselves. This includes government partners, businesses and the Australian community.

“This includes sharing information regarding cyber threats to critical infrastructure and essential services. As the ASD outlined in the Cyber Threat Report 2020-21, the threat to critical infrastructure, including telecommunications, continues - with cyber threats to critical infrastructure accounting for over a quarter of cyber incidents.

“Australia is not alone in the threats we face from state-based actors in cyberspace. For example, the Australian government joined with others int he world to express serious concerns about malicious cyber activities by China’s Ministry of State Security.”

Sources told Bloomberg that the attack was launched on the Optus network, which used Huawei for several projects including to supply part of its 3G and 4G networks.

However, Optus denies knowledge of the attack.

“Optus takes security very seriously. Any incidents of breaches or inappropriate vendor behaviour would be taken into account in our network investment decisions, but we have no knowledge of the alleged incidents,” Optus said in a statement to Bloomberg.

Vodafone, now known as TPG, which used Huawei to overhaul its 2G and 3G networks, and parts of its 4G network, also denied any knowledge of an attack.

Telstra does not have any equipment from Huawei in its network.

On its website, Huawei denies it has experienced any major cybersecurity incidents while working with more than 500 telecom providers for nearly 20 years in 170 countries.

“No other vendor can claim this level of cybersecurity success,” it says.

However, there have been various reports over the years that have linked Huawei or its employees to spying and surveillance including an Australian Financial Review story that a facility it built to store the Papua New Guinea government’s data contained glaring security gaps.

The US, Australia, Sweden and the United Kingdom have all since banned Huawei from being involved in their 5G networks, and about 60 countries have signed a US pledge to avoid Chinese equipment for their telecommunications systems.

More Coverage

China’s massive hack on Aussies revealed

Ellen Ransley

Log4Shell hack sets ‘internet on fire’

Charlotte Edwards

Michèle Flournoy, former Defence Department official under President Barack Obama said China continued to punish Australia, partly because of its position on Huawei.

“They (Australia) didn’t do the typical thing of trying to hide the vulnerability; they talked about what happened with their closest allies and took a public stand,” Ms Flournoy told Bloomberg.

“They are still taking a hit for it.”