Australia says an unnamed state is increasing cyberattacks on its infrastructure, businesses

Australian Prime Minister Scott Morrison speaks in Parliament in Canberra in February.
(Rod McGuirk / Associated Press)

“A sophisticated state-based cyber actor” is targeting Australia in an escalating cyber campaign that is threatening all levels of government, businesses, essential services and critical infrastructure, the Australian prime minister said Friday.

Premier Scott Morrison would not name the state, but speculation inevitably swirled that the cyberattacks were part of Australia’s increasingly hostile rift with China.

Morrison said he made the growing threat public to raise awareness and particularly wanted organizations involved in health, critical infrastructure and essential services to bolster technical defenses.


A range of sectors was being targeted, and the frequency of cyber-intrusions to steal and cause harm has increased for months, he said.

“This is the actions of a state-based actor with significant capabilities. There aren’t too many state-based actors who have those capabilities,” Morrison said.

Monash University international security expert Greg Barton said the malicious nature of much of the reported cyber crimes suggested it was part of deteriorating relations between China and Australia.

Australia says it doesn’t want a trade war with China, which is angry at Australia’s push for an investigation into its handling of the coronavirus.

“There’s no doubt that it’s China,” Barton said. “It might be a bit of rattling of the cage and reminding us that we have some vulnerabilities and we could end up with some heavy costs that we really don’t want to think about.”

China in recent weeks banned beef exports from Australia’s largest slaughterhouses, ended trade in Australian barley with a tariff wall and warned its citizens against visiting Australia. The measures are widely interpreted as punishment for Australia’s advocacy of an independent probe into the origins and spread of the coronavirus pandemic.

Australia’s foreign minister this week accused China of using the anxiety around the pandemic to undermine Western democracies by spreading disinformation online, prompting China to accuse Australia of disinformation.

Morrison said that “Australia doesn’t engage lightly in public attribution” but that he couldn’t control speculation about who was responsible for the cyber campaign.

The aggressive nationalism of China’s diplomats matches the swagger of Xi Jinping’s China, which is determined to deflect blame for the coronavirus.

He offered few details about the activities and said it was difficult to understand whether the intrusions were motivated by desires to steal state secrets, intellectual property or the personal data of ordinary Australians.

Australian investigations to date had not uncovered any “large-scale personal data breaches,” Morrison said. He said many of the intrusions had been thwarted.

Defense Minister Linda Reynolds said the government’s cyber agency, Australian Cyber Security Center, and the Home Affairs Department published a technical advisory on how organizations can detect and mitigate cyber threats.

The cyber agency warned last month that “malicious cyber adversaries” were taking advantage of the fact that key staff at critical infrastructure works are working from home during the pandemic. Power and water networks as well and transportation and communications grids were threatened.

China confirmed Thursday it had arrested prominent Australian writer and blogger Yang Hengjun on suspicion of endangering national security, the identical accusation used in the recent detention of two Canadian citizens.

“We are continuing to see attempts to compromise Australia’s critical infrastructure,” agency head Abigail Bradshaw said.

“It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis,” she added.

The agency also reported “malicious cyber actors” were attempting to “damage or impair” hospitals and emergency response organizations outside Australia.

Sydney-based brewery giant Lion said on Friday it was continuing to recover from a ransomware attack last week.

“Lion and our expert cyber team continue to investigate the ransomware attack that caused a partial IT outage last week,” a company statement said.

“It’s important to reinforce that while this attack has had an impact on our operations, we are still brewing beer and manufacturing our dairy and drinks brands, and we’ve managed to keep shipping products to many of our customers,” it added.