Chinese state-sponsored hacker named by Five Eyes over critical infrastructure attacks
Australia’s cyber spy agency has joined Five Eyes counterparts to call out China over cyber attacks on critical infrastructure providers.
Australia’s cyber spy agency has joined counterparts from the Five Eyes intelligence sharing network to call out China over cyber attacks on US critical infrastructure providers.
The Australian Signals Directorate, with cyber security agencies from the US, UK, Canada and New Zealand, said the attacks were “associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon”.
The rare public attribution of cyber attacks to a nation state revealed the hackers used advanced techniques that did not require installing any malicious code on the targeted systems.
ASD warned Australian organisations to be on the lookout for the sophisticated tactics used by the hacking group.
Microsoft said Volt Typhoon had been active since mid-2021, targeting critical infrastructure organisations in Guam and elsewhere in the United States.
“In this campaign, the affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” it said.
“Observed behaviour suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Cyber Security Minister Clare O’Neil said Australia didn’t hesitate to call out China over the attacks, despite the thaw in ties between Canberra and Beijing.
“It’s really important for our national security to call out when these things are occurring, and it’s incredibly important that we have transparency and are upfront with Australians about that,” she told ABC radio.
“That must be the overriding issue on a day like today.”
The attribution came as ASD embarked on the first of a series of national cyber security exercises, starting with the nation’s four big banks and the Reserve Bank of Australia.
Ms O’Neil said the aviation sector would be next, and the government would run similar exercises across key industries over the next 18 months.
“Our intelligence agencies work together to build scenarios that are based around factual incidents to make sure that we make these as real as possible,” she said.
“We’re thinking here about, you know, what if one of our major banks went down? What if our water sources were tampered with? What if our electricity grid came offline?”
The so-called “living off the land” attacks allowed the attackers to evade detection by blending in with normal Windows system and network activity.
CyberCX chief strategy officer Alastair MacGibbon said the hacking incidents were “a precursor of future attacks” in countries like Australia.
“Given the number of systems, the complexity of those systems and the varying degrees of cyber maturity of those systems, you’d have to suspect that it either has occurred or will occur, which is why the Australian government has come out and done this,” he said.
“This should be a wake-up call for critical infrastructure owners.”
The 24-page Five Eyes advisory notice provided “threat hunting advice” for system operators, warning the attacks could be replicated against critical infrastructure operators and other sectors worldwide.
“The advisory provides examples of the actor’s commands along with detection signatures to aid network defenders in hunting for this activity,” the notice said.
“Many of the behavioural indicators included can also be legitimate system administration commands that appear in benign activity.
“Care should be taken not to assume that findings are malicious without further investigation or other indications of compromise.”
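The threat-hunting approach the advisory describes, together with the caveat in the two quotes above, as an added example that is not from the advisory or this article: a Python triage script run over constructed Windows process-creation events that escalates a host only when several weak indicators corroborate each other, rather than treating any single built-in command as malicious. The tool list, the set of unusual parent processes, the scoring weights and the sample events are all assumptions made for this example.

```python
"""Triage constructed Windows process-creation events for living-off-the-land
activity. No single built-in command is treated as malicious; a host is
escalated only when several weak indicators corroborate each other."""
from collections import defaultdict

# Built-in Windows tools seen in both routine administration and
# living-off-the-land tradecraft (assumption for this example, not the advisory's list).
BUILTIN_TOOLS = {"cmd.exe", "powershell.exe", "wmic.exe", "net.exe", "netsh.exe", "ntdsutil.exe"}
# Parent processes that rarely spawn a shell or admin tool legitimately (assumption).
UNUSUAL_PARENTS = {"w3wp.exe", "rundll32.exe", "mshta.exe"}
BUSINESS_HOURS = range(8, 19)
ESCALATE_AT = 4  # corroboration threshold; tune per environment


def score_host(events):
    """Score one host's events; returns (score, reasons).
    Each event is {"host": str, "image": str, "parent": str, "hour": int}."""
    score, reasons = 0, []
    tool_events = [e for e in events if e["image"] in BUILTIN_TOOLS]
    tools = {e["image"] for e in tool_events}
    if len(tools) >= 3:  # breadth of admin tooling from one host
        score += 2
        reasons.append(f"{len(tools)} distinct built-in tools")
    odd_parents = {e["parent"] for e in tool_events if e["parent"] in UNUSUAL_PARENTS}
    if odd_parents:  # admin tool launched by a process that should not launch one
        score += 2
        reasons.append(f"admin tool spawned by {sorted(odd_parents)}")
    off_hours = sum(1 for e in tool_events if e["hour"] not in BUSINESS_HOURS)
    if off_hours:  # weak signal on its own: admins work late too
        score += 1
        reasons.append(f"{off_hours} off-hours executions")
    return score, reasons


def triage(events):
    """Group events by host; returns {host: (score, reasons, escalate)}."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    result = {}
    for host, evs in by_host.items():
        score, reasons = score_host(evs)
        result[host] = (score, reasons, score >= ESCALATE_AT)
    return result


SAMPLE_EVENTS = [  # constructed events, not real telemetry
    # ws01: an administrator doing routine work from an interactive shell by day
    {"host": "ws01", "image": "wmic.exe", "parent": "cmd.exe", "hour": 10},
    {"host": "ws01", "image": "net.exe", "parent": "cmd.exe", "hour": 10},
    # web02: shell and directory tooling spawned by a web worker process at 03:00
    {"host": "web02", "image": "cmd.exe", "parent": "w3wp.exe", "hour": 3},
    {"host": "web02", "image": "netsh.exe", "parent": "cmd.exe", "hour": 3},
    {"host": "web02", "image": "ntdsutil.exe", "parent": "cmd.exe", "hour": 3},
]

if __name__ == "__main__":
    for host, (score, reasons, escalate) in triage(SAMPLE_EVENTS).items():
        print(host, score, "ESCALATE" if escalate else "review only", reasons)
```

On the sample data ws01 scores 0 (the same commands, in a benign context) while web02 scores 5 and is escalated; the point is that the commands themselves are identical and only the surrounding context separates the two.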
The notice came as Foreign Minister Penny Wong announced a new ambassador for cyber affairs and critical technology. Former Home Affairs official Brendan Dowling will fill the role, leading Australia’s international engagement on the issues.
Career diplomat Richard Feakes was named as Australia’s next ambassador for counter-terrorism.