Beijing behind full cyber attack on Australia
Senior intelligence sources have revealed the targets and aims of the cyber assault on Australia, as China issues a furious denial.
Scott Morrison has revealed Australia is under sustained cyber attack from a “sophisticated state-based cyber actor” widely believed to be communist China, targeting all levels of government, essential services, critical infrastructure and businesses.
While the Prime Minister didn’t name China, accusations by security experts of its involvement drew an angry response from Beijing. As security agencies used offensive tactics to repel active threats to companies and government agencies, Mr Morrison called a snap national security committee of cabinet meeting on Thursday night.
The next morning, the Prime Minister warned the nation that mass cyber attacks had increased in recent months. He did not identify the state-based actor but said: “Those who are engaged in this are not doing this to help us. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure. We know it’s a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. Based on the advice that we’ve received ... this is the actions of a state-based actor with significant capabilities and there aren’t too many state-based actors who have those capabilities.”
A senior intelligence source said the targeting of a number of organisations was consistent with a systematic attempt at political interference. Others pointed to an effort to map Australia’s critical infrastructure and identify vulnerabilities. “This is part of a continuum from conventional espionage into information warfare and ultimately potentially actual warfare,” the source said. “It is designed to build situational awareness of our capability.”
Security experts immediately named China as the main suspect in the attacks at a time of deepening tensions in the bilateral relationship with Australia. After Australia called for an independent investigation into the source of the coronavirus, China retaliated by imposing tariffs on Australian barley, suspending beef imports from several abattoirs and warning Chinese students and tourists they could face racist attacks if they came to Australia.
Donald Trump’s former national security adviser John Bolton praised Australia’s understanding of China’s cyber threat. In a new book, Mr Bolton said Mr Morrison was “clear-eyed” about Beijing’s intentions and strongly backed the government’s hardline position on Huawei, which was banned from participating in 5G networks in August 2018.
Australian security agency chiefs and government officials have been actively monitoring the spike in domestic and global cyber hacking during the COVID-19 pandemic, and were working closely with Five Eyes and NATO countries reporting similar online threats.
Companies and state governments are being advised by the Australian Signals Directorate and Australian Cyber Security Centre on defence strategies to thwart the industrial-scale cyber hacking campaign.
Mr Morrison, who spoke about the cyber threats with British Prime Minister Boris Johnson on Thursday night, said security agencies had not identified any “large-scale personal data breaches” during investigations in recent months.
Australian Strategic Policy Institute executive director Peter Jennings said it was “very clear” China was behind the cyber attack.
“I think you’ve got to sort of go through a checklist of factors, which is not just the capability issues that Morrison talks about but also the interest and intent,” Mr Jennings said.
“The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities. So that leads me to conclude that the only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China. That’s very clear.
“I think you can sort of attribute 95 per cent of confidence to it being China.”
Mr Jennings’ comments to The Weekend Australian sparked a furious response from China’s Foreign Ministry spokesman, Zhao Lijian, who denied the country was behind the cyber attacks.
“I believe this comes from ASPI,” Mr Zhao said. “We have pointed out many times, this institute is funded by US arms companies and its attacks are completely baseless. China is a staunch upholder of cyberspace security and we have been a victim of cyber attacks. We have been firmly opposing all forms of cyber attacks. Our position has been clear and consistent.”
New research reveals the number of “spear-phishing” cyber attacks on Australian businesses between April and June has almost doubled in 2020, increasing by 92 per cent on the same period last year. Research conducted by Security In Depth showed cyber attacks had increased from about 1600 to 3100 per month. Attempted hacking attacks on organisations increased to 550 per month, compared to 400 last year.
Telstra chief executive Andy Penn said the telco was on “heightened alert” and working closely with security agencies and global partners. “We have seen a significant increase in cyber-attack activity in recent weeks and we are on heightened alert for ourselves and for our customers and we are actively managing the risk,” Mr Penn said.
“Cyber security is a large and growing area of risk for the security of the nation, and COVID-19 has increased that risk with so many people working and studying from home, away from traditional security measures.”
An NBN spokesman said that while cyber attacks were increasing, Australia’s national broadband network had not been compromised.
The Weekend Australian understands several hacking cases involving Australian companies this year, including Lion, BlueScope Steel and Toll Group, were not linked with the foreign actor’s disruption campaign.
Mr Jennings, a former Defence deputy secretary and senior adviser to John Howard, said the Morrison government was “saying publicly to China ‘we know’ and in a sense putting a bit of pressure on them”. “China will read this very clearly as Australia saying ‘we know’. They are very sensitive to public naming and shaming on this issue,” he said.
In a call to arms to secure the nation’s networks against cyber threats, Mr Morrison said the government’s updated Cyber Security Strategy would be released within months and include “significant investments” across the sector.
Industry leaders are calling for the cyber security sector to feature prominently in Mr Morrison’s JobMaker plan. They are backing a new focus on priority skills to add more than 17,000 cyber professionals over the next five years to help protect companies from attacks and malicious targeting of critical infrastructure systems.
CyberCX chief strategy officer Alastair MacGibbon, a former head of the Australian Cyber Security Centre and national cyber security adviser to Malcolm Turnbull, said the state-based actor would have been identified through “techniques and procedures” used to carry out malicious activity. Mr MacGibbon said it was clear there had been a “concerted campaign carried out by a sophisticated state-based cyber actor”.
Defence Minister Linda Reynolds said the ACSC and Home Affairs Department had updated their technical advice for organisations on Friday to help them “detect and mitigate” cyber threats. The ACSC said “copy-paste compromises” were linked to the state-based actor’s heavy use of proof-of-concept exploit code, web shells and other tools “copied almost identically from open source”. “The actor has also shown an aptitude for identifying development, test and orphaned services that are not well known or maintained by victim organisations,” it said.
As of Friday night, 250 new organisations had joined up with the ACSC, taking the total to 850. The cyber.gov.au website, which usually gets about 20,000 daily hits, received almost 100,000 hits.
Additional reporting: David Swan, Will Glasgow, Cameron Stewart