“Cyber attacks” on Australian government and industry bodies are most likely being directed by China’s premier intelligence agency in retaliation for banning telco Huawei from the 5G network, experts have told the ABC.
- The Prime Minister held a press conference this morning to discuss a campaign of “cyber attacks” from a “state-based cyber actor”
- It has been hard to definitively identify the source, a former Australian official has told the ABC
- Insiders say the attacks started after Huawei was banned from Australia’s 5G infrastructure rollout
In August 2018, the Australian Government banned Huawei and other companies from involvement in Australia’s 5G network.
The ABC spoke to two former Australian officials who confirmed that the Huawei ban sparked the malicious cyber campaign. Both spoke on condition of anonymity given the sensitive nature of the story.
One of the former officials said evidence suggested the attackers may be linked to China’s most powerful intelligence service, the Ministry of State Security (MSS).
However, cyber security researcher Robert Potter — who has spent years investigating MSS intrusions around the world and has previously attributed breaches to them — said the low level of sophistication of the attacks made attribution difficult.
“Based on the evidence, I’d say it strongly leans towards MSS,” he said.
“The reality is that the tactics are so simple that it frustrates our ability to make complete attribution.”
He agreed with the assessment that the campaign has been going on for a long time.
“The campaign dates back some time and correlates to a deterioration in our relationship with China,” he said.
China’s government on Friday evening rejected suggestions of a large-scale hacking attack.
A Chinese foreign ministry spokesman says he believes the claims of hacking originate from the Australian Strategic Policy Institute, which he says is funded by US arms companies and is making fictitious claims about China.
Attacks may have targeted COVID-19 data
The Prime Minister held a press conference this morning to discuss the campaign of intrusions.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure,” he said.
One of the former officials told the ABC the campaign was widespread.
“It’s massive — we’ve had some big ones before and this is just as big,” they said.
The recent intrusions were likely designed to achieve two broad outcomes, the former official said.
“[This is] a concerted campaign against the Australian economy and political systems … for the purposes of gathering strategic information and causing economic damage.”
The former official said it was likely some of the activity was also connected to attempts to steal information linked to Australia’s COVID-19 response.
On May 13, the FBI warned that China was attempting to steal US research data connected to the pandemic.
That came only a few days after a similar announcement by the Australian Cyber Security Centre (ACSC) — a division of Australia’s major electronic intelligence agency, the Australian Signals Directorate.
The ACSC warned of “advanced persistent threat actors” or APTs — groups of hackers often associated with foreign nations — targeting Australian COVID-19 data.
“APT groups may be seeking information and intellectual property relating to vaccine development, treatments, research and responses to the outbreak as this information is now of higher value and priority globally,” the announcement stated.
“Accordingly, Australia’s health or research sectors could be at greater threat of being targeted, and potentially compromised, by malicious APT groups.”
One of the former officials said the ACSC has previously pointed to this latest campaign via warnings in May and last year about vulnerabilities in web development tools created by Bulgarian company Telerik.
Yesterday, the ACSC published another advisory, also related to Telerik, which suggested spearphishing techniques were being used by a “sophisticated state-based actor”.
The ABC is seeking comment from the Chinese embassy.