21 Jun 2020

Australia cyber attacks: PM Morrison warns of 'sophisticated' state hack

8:22 am on 21 June 2020

Australia's government and institutions are being targeted by ongoing sophisticated state-based cyber hacks, Prime Minister Scott Morrison says.

Australian Prime Minister Scott Morrison speaks during a press conference on 22 March

Australian Prime Minister Scott Morrison. Photo: AFP

Morrison said the cyber attacks were widespread, covering "all levels of government" as well as essential services and businesses.

He declined to identify a specific state actor and said no major personal data breaches had been made.

The attacks have happened over many months and are increasing, he said.

The prime minister said his announcement on Friday was intended to raise public awareness and to urge businesses to improve their defences.

But he stressed that "malicious" activity was also being seen globally, making it not unique to Australia.

Who has been targeted?

Morrison did not name specific cases but said it had spanned "government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure".

He did not give further details. Previously, defence manufacturers, government contractors and accounting firms have been among those to report data breaches.

Last year, the Australian National University said it had been hacked by a sophisticated operation which had accessed staff and student details.

Australia's main political parties and parliament were hit by a "malicious intrusion" earlier in 2019, also attributed to a "sophisticated state actor".

Who is behind it?

Speaking on Friday, Morrison said officials had identified it as a state hack "because of the scale and nature of the targeting and the trade craft used".

"There are not a large number of state-based actors that can engage in this type of activity," he said, without giving specifics.

When asked to identify a country, Morrison said he would not make "any public attribution".

Cyber intelligence experts have long linked various hacks in Australia to China.

They say China is one of the few states, along with Russia, Iran, and North Korea, which have the capacity for such attacks - and are not allied with Australia. However, they also note that cyber espionage between countries and even allies is common.

"There's always simmering tensions between Russia and China so really it comes down to those being the key actors they [Australia] would be referring to," expert Joshua Kennedy-White told the BBC.

The Reuters news agency has previously reported that Australian intelligence agencies suspected China of carrying out the parliament hack in 2019. Canberra declined to comment.

Which actions did Morrison urge?

He said businesses - particularly health infrastructure and service providers - should improve their technical defences.

Cyber defence agencies had thwarted "many" hacking attempts but protection required "constant persistence and application", he added.

"We raised this issue today not to raise concerns in the public's mind, but to raise awareness in the public's mind," Morrison said.

"We know what is going on. We are on it, but it is a day-to-day task."

BBC analysis: The unsaid part of the story - China

The headline itself was clear. Many political, educational and health organisations have been targeted by a state-based cyber actor with "significant capabilities". However, much about Morrison's press conference was understated.

For example, it was not clear why this announcement was made at this particular moment - given these attacks have been going on for a while. Morrison made a similar announcement early last year.

Despite blaming a "sophisticated state actor", he refused to name names - even after being directly asked about the country almost everyone was thinking about: China.

Relations between the countries have grown tense in recent years but have significantly worsened after Australia echoed the US in calling for an inquiry into the origins of the coronavirus, first detected in China late last year.

China has since imposed tariffs on Australian barley, stopped beef imports and warned Chinese citizens and students about the "risks" of travelling to Australia for tourism or education because of racist incidents.

Australia has also ratcheted up its rhetoric. Last week, Morrison said he would not give in to "coercion" from Beijing.

It's hard to be 100 percent sure that China could be behind this, but what we know is that Australia's leadership has chosen a moment when its relationship with its powerful trading partner is at an all-time low to announce publicly that it is under cyber-attack from a powerful state.

Major cyber attacks in Australia

  • 2020: Incidents reported across major Australian firms, including steel maker BlueScope, logistics firm Toll Group, and state government agency Services New South Wales
  • June 2019: The Australian National University revealed a "highly professional" group of up to 15 hackers gained access to student and staff details, as well as academic research, for about six months
  • February 2019: Australia's parliamentary computer network and political parties were subject of an attempted attack by a "state actor"
  • 2017: Information about fighter planes and navy vessels was stolen from an Australian government contractor.
  • 2015: Foreign spies attacked the Australian Bureau of Meteorology.

- BBC