Australia says it has been target of ‘state-based’ cyber attacks

A “sophisticated state-based actor” has been attempting to hack a wide range of Australian organisations for months and had stepped up its efforts recently, Prime Minister Scott Morrison said on Friday.

The attacks have targeted all levels of the government, political organisations, essential service providers and operators of other critical infrastructure, Mr Morrison said in a media briefing in Canberra.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” he said.

Mr Morrison said there were not a lot of state actors that could launch this sort of attack, but Australia will not identify which country was responsible.

Australia’s Defence Minister Linda Reynolds said advice showed no large-scale personal data breaches from the attack, as she urged businesses and organisations to ensure any web or email servers are fully updated with the latest software and the use of multi-factor authentication.

An Australian government source said Mr Morrison’s public declaration was an attempt to raise the issue with those who could be targeted.

Australia’s chief cyber intelligence agency said its investigations have so far found no evidence that the actor attempted to be “disruptive or destructive” once within the host’s network.

Mr Morrison said he had spoke with British Prime Minister Boris Johnson on Thursday about the issue, while briefings to other allies have also been conducted.

The revelation comes after Reuters reported Canberra had determined in March last year that China was responsible for a hacking attack on Australia’s parliament. Australia never publicly identified that source of the attack and China denied it was responsible.

A US security ally, Australia strained ties with its largest trading partner, China, by pushing for an international inquiry into the source and spread of Covid-19 that first emerged in the central Chinese city of Wuhan late last year.