China is said to be the main suspect behind the series of cyber attacks on the Australian government, as well as the country’s essential service providers and operators of critical infrastructure.
Three sources linked to the Australian government have told Reuters that, despite no official statement being made, “there is a high degree of confidence that China is behind the attacks”.
The comments follow Australian PM Scott Morrison’s announcement that a “sophisticated state-based actor” was behind a series of cyber attacks targeting “government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.
Although the attacks had been going on for some time now, the PM said that they were increasing.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” he said, while also refusing to make “any public attribution”.
With his announcement, Morrison said he was intending to raise public awareness of the attacks and to urge businesses to improve their security. He added that he had spoken with UK prime minister Boris Johnson about the issue and that other Australian allies have also been briefed.
Reuters reported that Australian intelligence had identified similarities between the recent cyber attacks and those from March 2019, which targeted the Australian parliament and the country’s three largest political parties. An investigation into the attacks came to the conclusion that China was responsible.
Nick Savvides, director of Strategic Business at cyber security company Forcepoint, said that Morrison’s address “acts also as a signal to the threat actors responsible that the government and some in the private sector are aware of the attacks”.
“Interestingly two specific controls, patching internet-facing systems (protecting the edge of networks) [and] enforcing multi-factor authentication for users (protecting the users), were specifically called out by the Defence Minister. This indicates that attackers likely operated sophisticated targeted phishing campaigns to capture usernames and passwords from victims and were possibly in possession of 0-day vulnerabilities against systems or used older vulnerabilities on systems that are difficult to patch,” he said.
Savvides, who is based in Melbourne, added that “while Australia has significant capabilities in cyber-security and an active cyber-security community, unfortunately not all organisations are at the same level”.
“We are also struggling with a skills shortage, with unfilled cyber security roles in every sector, that means many of the skills end up in the top end of town and large departments, leaving small and medium business and government agencies exposed.”
Australia and China have had increasingly difficult relations over the last few years, worsening significantly when Australia backed the US in calling for an inquiry into the origins of the coronavirus. In retaliation, China imposed tariffs on Australian barley, ceased beef imports, and warned its citizens to not travel to Australia because of alleged racist incidents.
Last week, Morrison said he would not give in to "coercion" from the Chinese government.
