Australia says an unnamed state is using cyberattacks, hinting at China
CANBERRA, Australia — “A sophisticated statebased cyber actor” is targeting Australia in an escalating cyber campaign that is threatening all levels of government, businesses, essential services and critical infrastructure, the Australian prime minister said Friday.
Scott Morrison would not name the state, but speculation inevitably swirled that the cyberattacks were part of Australia’s increasingly hostile rift with China.
Morrison said he made the growing threat public to raise awareness and particularly wanted organizations involved in health, critical infrastructure and essential services to bolster technical defenses.
A range of sectors was being targeted, and the frequency of cyberintrusions to steal and cause harm has increased for months, he said.
“This is the actions of a state-based actor with significant capabilities. There aren’t too many state-based actors who have those capabilities,” Morrison said.
Monash University international security expert Greg Barton said the malicious nature of much of the reported cybercrimes suggested it was part of deteriorating relations between China and Australia.
“There’s no doubt that it’s China,” Barton said.
“It might be a bit of rattling of the cage and reminding us that we have some vulnerabilities and we could end up with some heavy costs that we really don’t want to think about.”
China in recent weeks has banned beef exports from Australia’s largest slaughterhouses, ended trade in Australian barley with a tariff wall and warned its citizens against visiting Australia.
The measures are widely interpreted as punishment for Australia’s advocacy of an independent probe into the origins and spread of the novel coronavirus, which has caused a pandemic.
Australia’s foreign minister this week accused China of using the anxiety around the pandemic to undermine Western democracies by spreading disinformation online, prompting China to accuse Australia of disinformation.
Morrison said that “Australia
doesn’t engage lightly in public attribution” but that he couldn’t control speculation about who was responsible for the cyberattacks.
He offered few details about the activities and said it was difficult to understand whether the intrusions were motivated by desires to steal state secrets, intellectual property or the personal data of ordinary Australians.
Australian investigations to date had not uncovered any “large-scale personal data breaches,” Morrison said. He said many of the intrusions had been thwarted.
Defense Minister Linda Reynolds said the government’s cyberagency, Australian Cyber Security Center, and the Home Affairs Department published a technical advisory on how organizations can detect and mitigate cyberthreats.
The cyber agency warned last month that “malicious cyber adversaries” were taking advantage of the fact that key staff at critical infrastructure works are working from home during the pandemic.
Power and water networks as well and transportation and communications grids were threatened.
“We are continuing to see attempts to compromise Australia’s critical infrastructure,” agency head Abigail Bradshaw said.
“It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis,” she added.
The agency also reported “malicious cyber actors” were attempting to “damage or impair” hospitals and emergency response organizations outside Australia.
Sydney-based brewery giant Lion said on Friday it was continuing to recover from a ransomware attack last week.
“Lion and our expert cyber team continue to investigate the ransomware attack that caused a partial IT outage last week,” a company statement said.
“It’s important to reinforce that while this attack has had an impact on our operations, we are still brewing beer and manufacturing our dairy and drinks brands, and we’ve managed to keep shipping products to many of our customers,” it added.