SYDNEY • Australia’s Prime Minister said yesterday that his country was under a broad cyber attack from a ”state-based actor” targeting government, public services and businesses, with suspicions falling on China.
Warning Australians of ”specific risks” and an increased tempo of attacks, Mr Scott Morrison told a press conference that a range of sensitive institutions had been hit.
”This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” Mr Morrison said.
”We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” Mr Morrison told reporters but declined to say who Australia believed was responsible.
He said it could only have come from one of a handful of states and that the attackers had spent months trying to hack all levels of the government, political bodies, essential service providers and operators of critical infrastructure.
Suspicions immediately fell on Beijing, which has clashed repeatedly with Canberra as it looks to increase the cost of Australia speaking out against Chinese Communist Party interests.
Three sources familiar with the government’s thinking told Reuters yesterday that China was the chief suspect in a spate of recent cyber attacks, a suggestion swiftly dismissed by Beijing.
”There is a high degree of confidence that China is behind the attacks,” one Australian government source told Reuters, asking not to be identified.
A Chinese Foreign Ministry spokesman denied Beijing was involved and said China ”firmly opposed all forms of cyber attacks”.
Australian intelligence has flagged similarities between the recent cyber attacks and one on Parliament and the three largest political parties in March last year.
Reuters reported last year that Australia had quietly concluded China was responsible for that cyber attack.
Australia has never publicly identified the source of that attack, however, and China denied that it was responsible.
As with last year’s attack, Australia’s chief cyber intelligence agency said yesterday that its investigation had found no evidence that the perpetrator sought to be ”disruptive or destructive” once within the host network.
Mr Morrison said he spoke about the issue with British Prime Minister Boris Johnson on Thursday, while other allies have also received briefings.
Defence Minister Linda Reynolds said advice showed no large-scale personal breaches of data resulting from the attack, but urged users to fully update Web or e-mail servers with the latest software and use multi-factor authentication.
The current attack appears designed to hide authorship, using socalled ”copy-paste” cyber tools that can be easily found open source, Australia’s signals intelligence agency said.
The cyber attacks also used ”spearfishing” techniques, sending e-mails with malicious files, links and Office 365 prompts.
Mr Morrison’s vagueness about the threat and its source was deliberate, according to Mr Ben Scott, a former Australian intelligence official now with the Lowy Institute think-tank.
”Public attribution – and the threat of doing so – is seen as one way of warning and deterring an opponent,” he said. ”But early attribution can also be provocative.”
AGENCE FRANCE-PRESSE, REUTERS