A sophisticated, state-sponsored cyber attack is targeting Australian government, business, education and political organisations, the prime minister has warned.
Scott Morrison did not reveal the identity of the state actor that was responsible for the attacks, which he said had been launched over many months. But the scale and sophistication of the malicious activity prompted cyber-security experts to speculate that China was the most likely culprit.
“Based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” Mr Morrison said on Friday.
“This act is targeting Australian organisations across a range of sectors including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”
Internet security groups and governments have warned that cyber criminals and hacking groups were exploiting the disruption caused by the coronavirus pandemic to initiate a range of phishing and malware attacks.
The cyber onslaught comes as Canberra’s relationship with Beijing has fallen to its lowest level in a generation following Australia’s call for an inquiry into the origins of the Covid-19 outbreak in Wuhan.
Mr Morrison said no large personal data breaches had been revealed and that he had talked to Australia’s Five Eye’s intelligence network partners — the US, UK, New Zealand and Canada — about the malicious activity.
When pressed on the identity of the state in question, the prime minister said there were not many actors that had the capacity to undertake such a sophisticated operation. Despite the government’s reticence to provide more detail, analysts said China was the most likely suspect owing to the wide range of targeted institutions.
“Of course it is China. There are a few countries that have the capability: Russia, China, US, UK, and perhaps Iran and North Korea, although they may not have the scale. Only China in this list will have the appetite for such a broad approach,” said Tom Uren, a cyber-security analyst at the Australian Strategic Policy Institute, a Canberra-based think-tank, in a social media post.
The Australian Cyber Security Centre, a government agency, released a statement detailing how the state actor was looking for vulnerabilities and that it was deploying spear-phishing techniques to try and compromise targets.
Some of the techniques deployed by the cyber attackers included sending emails with links to malicious files or attachments and deploying links to credential harvesting websites, it said.
Latest Coronavirus news
Follow FT’s live coverage and analysis of the global pandemic and the rapidly-evolving economic crisis here.
Last year Canberra revealed Australia’s main political parties had been hacked by a “sophisticated state actor” just months before the country’s election. Australian state agencies and universities, including the Bureau of Meteorology and the Australian National University, have also been victims of cyber attacks.
Some news organisations have cited Australian intelligence sources that blamed China for the attacks.
A spokeswoman for China’s ministry of foreign affairs last year rejected suggestions published in Australia that Beijing was responsible for the cyber attack on the parliament in Canberra. She said the suggestions were part of a “smear campaign”.