Australia blames a state actor for major disruptions. China is already denying it.

The "sophisticated" campaign coincides with an ongoing trade row between Canberra and Beijing.

Government agencies and private companies in Australia are experiencing a “sophisticated” cyberattack carried out by a nation-state, according to Prime Minister Scott Morrison.

In an announcement Friday, Morrison informed the public that “all levels of government” and a number of critical businesses and essential services are dealing with malicious activity that is accelerating in severity after beginning months ago. Specific details about the incident are scarce, and Morrison has declined to name the government behind the attacks, the motive or the exact nature of the incident. There has not been a major compromise of personal data, he said.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” he said. “There aren’t too many state-based actors who have those capabilities.”

Senior government officials told Australia’s ABC News that China is the main suspect in the attack, adding that intelligence agencies still are gathering information about the apparent surge in activity.


China and Australia have been engaged in an escalating trade dispute, and Beijing recently introduced trade restrictions on some products from the smaller country. Australian lawmakers also have called for an investigation into China’s handling of the COVID-19 outbreak, a probe that Beijing has said would push the countries’ relationship “beyond repair.”

Zhao Lijian, spokesman for China’s Ministry of Foreign Affairs, said suggestions about Beijing’s involvement in a hacking campaign “are completely baseless.” Instead, Zhao speculated that the Australian Strategic Policy Institute, a Canberra-based think tank that he said receives funding from U.S. arms manufacturers, was somehow involved in “hyping up, or creating, all kinds of anti-China topics.” ASPI also has published a map detailing the expansion of major Chinese technology firms.

The Australian Cyber Security Centre said in an advisory that the hacking campaign involves “copy-paste compromises,” which rely on the attackers’ ability to recognize and exploit unpatched software vulnerabilities in Microsoft SharePoint software, and a flaw in Citrix technology that was revealed in 2019. The bulletin noted that hackers are using “proof-of-concept exploit code, web shells and other tools copied almost identically from open-source.”

Venture capital firms and defense contractors are among the private sector organizations hit hardest by the campaign, the Australian Financial Review reported.

Australian intelligence agencies determined last year that China’s Ministry of State Security was behind a hack on Australia’s national parliament and three largest political parties prior to a general election, Reuters first reported. The Australian government did not officially name China as the culprit at the time to avoid creating turmoil in the nations’ trade relationship.


Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
