Home Affairs Minister Karen Andrews calls out ‘malicious’ China cyber attack

Karen Andrews says she has ‘very high levels of confidence’ that China was behind a massive global cyber hack in January.

Ben Packham and MAX MADDISON

3 min read

10:19PMJuly 19, 2021.

Updated 11:18AMJuly 20, 2021

Home Affairs Minister Karen Andrews. Picture: Getty

Home Affairs Minister Karen Andrews says she has “very high levels of confidence” that the Chinese Ministry of State Security was behind the attack on Microsoft’s Exchange mail server in January.

The attack exploited vulnerabilities in the software giant’s digital infrastructure to expose tens of thousands of public and private organisations to cyber criminals.

Despite the Chinese government denying responsibility, Ms Andrews said it was evident that Beijing was involved in the attack, which reportedly cost billions of dollars in stolen intellectual property, ransom payments and countersecurity measures.

“Many of our partner nations have worked together to make sure that we have very high levels of confidence that this was the Chinese Ministry of State Security that was behind this attack,” Ms Andrews told a press conference on Tuesday morning.

While she acknowledged there were likely to be “serious implications” for publicly identifying China, Ms Andrews said she wouldn’t hesitate to hold the country accountable if they continued to launch cyber attacks.

“But we also will not compromise our position on sovereignty and national security and in this instance, with our partner nations, we needed to call out this malicious cyber attack,” she said.

“They have many nations that have come out and publicly attributed this attack to them, so there is significant reputational damage to China — they have been called out.”

The comments came after the Australian government took the rare step of attributing major cyber attacks to China in a co-ordinated move with key allies, and accused Beijing of engaging “contract hackers” to steal intellectual property.

The attacks, utilising vulnerabilities in Microsoft Exchange software, affected thousands of computers and networks across the world, including in Australia.

In a statement on Monday night, the government said it joined international partners in “expressing serious concerns about malicious cyber activities by China’s Ministry of State Security”.

“The Australian government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese government,” it said.

The move was co-ordinated with the US, Britain and the EU. New Zealand and Canada were also expected to release similar statements.

The Biden administration said China’s state-sponsored hacking posed a major threat to the interests of the US and its allies.

“The PRC’s pattern of irresponsible behaviour in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” it said.

“In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars.”

The White House said China’s unwillingness to address criminal activity by contract hackers harmed governments, businesses, and critical infrastructure operators, causing billions of dollars in losses.

Australia said the attacks earlier, from March this year, had “undermined international stability and security”, opening the door to cybercriminals and other actors, who continued to exploit the vulnerability for illicit gain.

China ‘slams the door in the face’ of US diplomat ahead of proposed visit

“Australia calls on all countries — including China — to act responsibly in cyberspace,” the statement said.

“China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.”

Australia has since 2017 named China, North Korea, Russia and Iran as malicious cyber actors, but does so infrequently.

Most recently, Australia also joined more than 30 international partners to hold Russia to account for its cyber attacks against SolarWinds.

“Australia calls out these malicious activities to highlight the significant risk they can pose to Australia’s national security or to international stability, which in turn can undermine business confidence and inclusive economic growth,” Home Affairs Minister Karen Andrews said in the statement with Foreign Minister Marise Payne and Defence Minister Peter Dutton.

The disclosure comes amid a new operation by the Australian Federal Police to strike back against ransomware attackers in Australia and Russia, in response to a spate of major attacks on Australian businesses, hospitals and government.

Operation Orcus is Australia’s strongest response yet to the surging incidence of this form of cyber crime, both here and overseas where online criminals steal sensitive data and demand multimillion-dollar ransoms for its return.

Australia has experienced a 60 per cent increase in ransomware attacks over the past year that are estimated to have cost the economy $1.4bn while temporarily paralysing hospitals as well as large and small businesses across the nation.

Australia’s move to form a multi-agency task force follows a similar initiative this week by Joe Biden in response to a string of attacks by suspected Russia-based criminals on a major oil pipeline and on the world’s largest meat processing company, JBS.

More than 459 Australian entities were hit by ransomware attacks in the year to April 2020 compared with at least 291 in the previous 12 months.