China behind cyber attacks on Australia, government sources claim

Meanwhile PM Scott Morrison publicly blames "sophisticated state-based cyber actor"

China is said to be the main suspect behind the series of cyber attacks on the Australian government, as well as the country’s essential service providers and operators of critical infrastructure.

Three sources linked to the Australian government have told Reuters that, despite no official statement being made, “there is a high degree of confidence that China is behind the attacks”.

The comments follow Australian PM Scott Morrison’s announcement that a “sophisticated state-based actor” was behind a series of cyber attacks targeting “government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.

Although the attacks had been going on for some time now, the PM said that they were increasing.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” he said, while also refusing to make “any public attribution”.

With his announcement, Morrison said he was intending to raise public awareness of the attacks and to urge businesses to improve their security. He added that he had spoken with UK prime minister Boris Johnson about the issue and that other Australian allies have also been briefed.

Reuters reported that Australian intelligence had identified similarities between the recent cyber attacks and those from March 2019, which targeted the Australian parliament and the country’s three largest political parties. An investigation into the attacks came to the conclusion that China was responsible.

Nick Savvides, director of Strategic Business at cyber security company Forcepoint, said that Morrison’s address “acts also as a signal to the threat actors responsible that the government and some in the private sector are aware of the attacks”.

“Interestingly two specific controls, patching internet-facing systems (protecting the edge of networks) [and] enforcing multi-factor authentication for users (protecting the users), were specifically called out by the Defence Minister. This indicates that attackers likely operated sophisticated targeted phishing campaigns to capture usernames and passwords from victims and were possibly in possession of 0-day vulnerabilities against systems or used older vulnerabilities on systems that are difficult to patch,” he said.

Savvides, who is based in Melbourne, added that “while Australia has significant capabilities in cyber-security and an active cyber-security community, unfortunately not all organisations are at the same level”. 

“We are also struggling with a skills shortage, with unfilled cyber security roles in every sector, that means many of the skills end up in the top end of town and large departments, leaving small and medium business and government agencies exposed.”

Australia and China have had increasingly difficult relations over the last few years, worsening significantly when Australia backed the US in calling for an inquiry into the origins of the coronavirus. In retaliation, China imposed tariffs on Australian barley, ceased beef imports, and warned its citizens to not travel to Australia because of alleged racist incidents.

Last week, Morrison said he would not give in to "coercion" from the Chinese government.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021