CANBERRA, Australia — “A sophisticated state-based cyber actor” was targeting Australia in an escalating cyber campaign that is threatening all levels of government, businesses, essential services and critical infrastructure, the prime minister said Friday.
Prime Minister Scott Morrison would not name the state, amid inevitable speculation that the cyberattacks were part of Australia’s increasingly hostile rift with China.
Morrison said he made the growing threat public to raise awareness and particularly wanted organizations involved in health, critical infrastructure and essential services to bolster technical defenses.
A range of sectors were being targeted and the frequency of cyber intrusions to steal and cause harm has increased for months, he said.
“This is the actions of a state-based actor with significant capabilities. There aren’t too many state-based actors who have those capabilities,” Morrison said.
Peter Jennings, executive director of the Australian Strategic Policy Institute think-tank, said only China had the capability and interest in launching such a massive cyber offensive against Australia.
“I’m absolutely certain that China is behind it,” Jennings said.
Chinese Foreign Ministry spokesperson Zhao Lijian dismissed such allegations, saying the China has “been opposing and combating all types of cyber attacks.”
“The attacks coming from institute against China are totally baseless nonsense,” Zhao told reporters at a daily briefing on Friday.
China in recent weeks banned beef exports from Australia’s largest abattoirs, ended trade in Australian barley with a tariff wall and warned its citizens against visiting Australia. The measures are widely interpreted as punishment for Australia’s advocacy of an independent probe into the origins and spread of the coronavirus pandemic.
Australia’s foreign minister this week accused China of using the anxiety around the pandemic to undermine Western democracies by spreading disinformation online, prompting China to accuse Australia of disinformation.
Morrison said “Australia doesn’t engage lightly in public attribution” but said he couldn’t control speculation about who was responsible for the cyber campaign.
He offered few details about the activities and said it was difficult to understand whether the intrusions were motivated by desires to steal state secrets, intellectual property or the personal data of ordinary Australians.
Australian investigations to date had not uncovered any “large-scale personal data breaches,” Morrison said. And he said many of the intrusions had been thwarted.
Defense Minister Linda Reynolds said the government’s cyber agency, Australian Cyber Security Center, and the Home Affairs Department published a technical advisory on how organizations can detect and mitigate cyber threats.
The cyber agency warned last month that “malicious cyber adversaries” were taking advantage of key staff at critical infrastructure working from home during the pandemic.
Power and water networks as well and transport and communications grids were threatened.
“We are continuing to see attempts to compromise Australia’s critical infrastructure,” agency head Abigail Bradshaw said.
“It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis,” she added.
The agency also reported “malicious cyber actors” were attempting to “damage or impair” hospitals and emergency response organizations outside Australia.
Sydney-based brewery giant Lion said on Friday it was continuing to recover from a ransomware attack last week.
“Lion and our expert cyber team continue to investigate the ransomware attack that caused a partial IT outage last week,” a company statement said.
“It’s important to reinforce that while this attack has had an impact on our operations, we are still brewing beer and manufacturing our dairy and drinks brands, and we’ve managed to keep shipping products to many of our customers,” it added.