A wide range of political and private sector organisations in Australia have come under cyber-attack carried out by a “sophisticated state-based cyber actor”, the Australian government has revealed.
Scott Morrison disclosed the far-reaching attacks at a media conference in Canberra on Friday, while his defence minister declared that malicious cyber activity was “increasing in frequency, scale, in sophistication and in its impact”.
The government is not saying which country it believes to be responsible, except to say it is “a state-based actor, with very significant capabilities”.
The prime minister declined to respond to a specific question about whether it was China, after months of tensions in its relationship with Australia, but security experts later said they believed China, Russia and North Korea were the only countries that fell within Morrison’s description.
“I’m here today to advise you that, based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” Morrison told reporters.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. The Australian government is aware of and alert to the threat of cyber-attacks.”
The government’s Australian Cyber Security Centre issued advice on Friday on the techniques used in the attacks, which it described under the banner “copy-paste compromises” because the attacker had heavily copied from open-source code.
The ACSC said the attacker had attempted to exploit public-facing infrastructure. But when that did not succeed, the attacker used spearphishing techniques, including sending targets links to malicious files and websites aimed at harvesting passwords.
Morrison said the activity was “not new” but the frequency had been increasing “over many months”.
He said investigations conducted so far had not revealed any “large-scale personal data breaches” of Australians’ private information. Cybersecurity, he added, had been “a constant issue for Australia to deal with”.
The prime minister said Australia was working closely with its allies and partners to manage cyber threats. He had spoken with his British counterpart, Boris Johnson, about the issue on Thursday night.
Morrison said the government was speaking publicly about the issue not to raise concerns but to raise awareness. He encouraged organisations, particularly those in health, critical infrastructure and essential services, to “implement technical defences to thwart this malicious cyber activity”.
The prime minister declined to name, at this stage, which country was believed to be responsible. He said the threshold of evidence to attribute an attack to a particular country publicly was “extremely high” and it would only ever be done in line with Australia’s strategic national interests.
“What I can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor, with very significant capabilities.”
Peter Jennings, head of the Australian Strategic Policy Institute and a former senior defence official, said China, Russia and North Korea had sophisticated cyber capabilities, but it was important to factor in motive, intent and purpose.
“There is one country that has the skill, depth of capacity and a real motive to want to do it and that is China,” Jennings told Guardian Australia.
Jennings said he believed the government was raising the matter publicly without naming China in an attempt to send a signal to Beijing to moderate its behaviour after recent tensions.
Morrison said the government would release a new cybersecurity strategy in the coming months and that would include significant further funding to strengthen defences.
He said the ACSC had been briefing states and territories and working with targeted organisations to ensure their defences were appropriately raised.
The defence minister, Linda Reynolds, said increasingly sophisticated malicious cyber activity harmed Australia’s national security and economic interests. She urged all Australian organisations to be alert to the threat and protect their networks.
The government briefed the office of the opposition leader, Anthony Albanese, on Thursday evening.
Last year Reuters reported Australian intelligence had determined China was responsible for a cyber-attack on the parliament and the three largest political parties before the May 2019 federal election, citing five sources with direct knowledge.