China blamed for surge in cyber attacks
THE Chinese Government has been accused of orchestrating a massive cyber hit on Australia, with Prime Minister Scott Morrison warning the nation’s critical infrastructure was under attack.
Mr Morrison blamed a “sophisticated state-based cyber actor” for an attack targeting Australian businesses, political organisations, education and health providers and all levels of government.
He refused to name the foreign government or agency, but five separate government and security sources told News Corp it was China.
In a hastily convened press conference, Mr Morrison called on Australian industry and individuals to upgrade their cybersecurity.
“We know it’s a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” he said.
Asked what he would say to people who would “naturally” think China was responsible for the attacks, Mr Morrison said: “I can’t control what speculation others might engage in.”
The PM said he had advised Opposition leader Anthony Albanese about the cyber attack on Thursday night, and passed messages to the premiers and chief ministers.
But despite the urgent nature of his press conference, it does not appear a single attack overnight on Thursday triggered the dramatic public announcement.
Rather, escalating attacks, which sources said were occurring daily but had increased during the COVID-19 crisis and spiked in recent days, had prompted his statement, along with concerns the public wasn’t heeding warnings from the Government’s Australian Cyber Security Centre.
“We raised this issue today not to raise concerns in the public’s mind, but to raise awareness in the public’s mind,” Mr Morrison said.
He had discussed the attacks with Boris Johnson, the Prime Minister of Five-eyes intelligence partner the UK.
The Australian Cyber Security Centre said the largely unsuccessful attacks used “spearphishing techniques”.
This included getting computer users to divert to websites which harvested credentials such as usernames and passwords, sending emails with links to malicious files, and using email-tracking services to identify when people opened emails and lure them to malicious sites.
The Chinese Embassy did not respond to a request for it to respond to Mr Morrison’s announcement.