China is blamed for huge cyber attack on Australian businesses, schools and hospitals amid increasing war of words between Canberra and Beijing over calls for international inquiry into COVID-19

• Australia is being targeted by an ongoing series of cyber attacks on institutions  
• The Prime Minister said a 'sophisticated state-based' actor was behind attacks
• Government agencies believe China is culprit, Daily Mail Australia understands 
• The attacks have been happening for 'many months' but have been increasing
• Australia's relations with China have deteriorated since March over coronavirus 

Australia is under cyber attack from a foreign state targeting universities, hospitals, industry and governments, Prime Minister Scott Morrison said today - with suspicion immediately falling on China. 

Mr Morrison said a 'sophisticated state-based actor' was behind ongoing attacks which have been happening for 'many months' but have dramatically increased recently. 

Security chiefs say the attackers are using the so-called 'spear-phishing' method to steal sensitive login details by sending malicious emails, before hiding under cover of 'legitimate remote accesses' once they gain entry. 

The PM refused to name any suspects but said there are 'not a large number' of countries which can carry out such large-scale cyber operations. 

Senior sources have told Daily Mail Australia that government agencies believe China is behind the relentless campaign to hack into the systems of Australian companies and government service providers.

Beijing and Canberra have been at loggerheads since Australia - a US security ally - became the first nation to call for an inquiry into the origins of coronavirus in March.

China retaliated by slapping an 80 per cent tariff on Australian barley and telling students and tourists not to travel Down Under in an apparent attempt to damage the Australian economy.  

Senior sources have told Daily Mail Australia that government agencies believe China is behind the campaign. Pictured: Chinese President Xi Jinping at the 70th Anniversary of the founding of the People's Republic of China in October

Australia's Cyber Security Centre said today that the attackers had been staging a 'sustained targeting of Australian governments and companies'. 

Australia is part of the Five Eyes intelligence-sharing network - along with Britain, Canada, New Zealand and the United States - which give the country access to advanced capabilities, but also makes it a rich target for adversaries. 

Security chiefs say the hackers are sending emails with malicious links, which divert people to hazardous websites or prompt them to grant access to Office software. 

These malicious tactics are known as 'spear-phishing' because they are more precisely targeted than traditional 'phishing' scams.  

Four specific methods used in the Australian cyber attack include:

• Sending links to 'credential-harvesting websites' which collect usernames and passwords;
• Emails with links to malicious files, or with the malicious file directly attached;
• Links prompting users to grant Office 365 authentication tokens to the attackers;
• Use of email tracking services to identify when emails are opened and lure so-called 'click-through events'.

Once they breach a sensitive network, the attackers have been 'migrating to legitimate remote accesses using stolen credentials' and continuing to use the systems unnoticed, Australian officials say. 

In addition, the hackers are 'regularly conducting reconnaissance of target networks looking for vulnerable services', pouncing on weaknesses in Microsoft, SharePoint and Citrix software. 

The attackers may be 'maintaining a list of public-facing services to quickly target following future vulnerability releases', it is believed. 

They have also 'shown an aptitude' for targeting unfinished or little-used software that is 'not well known or maintained by victim organisations,' officials say.  

The Security Centre also referred to the attacks as 'copy-paste compromises', because much of the malicious code used by the attackers is freely available. 

Officials say that some Australian firms and organisations had failed to upgrade their security systems despite the weaknesses being 'publicly known'.  

+11

A huge cyber attack has been aimed at the Australian government. Pictured: PM Scott Morrison

+11

Chinese troops marching during a military parade in Tiananmen Square in Beijing to mark the 70th anniversary of the founding of the People's Republic of China

Intelligence officials attributed a major cyber attack on the Australian parliament last year to China - and critics say intensifying attacks could be part of a Chinese campaign to intimidate or bully Australia as tensions over trade foment. 

Australia enraged China by calling for an investigation into the origins of the coronavirus pandemic and by accusing China of fuelling a virus 'infodemic' and engaging in economic 'coercion'.

China has warned its students and tourists against going to Australia, threatened more sanctions and sentenced an Australian citizen to death for drug trafficking.

Beijing and Canberra have also sparred over access to natural resources, maritime claims and the use of Chinese state-backed technology companies.

Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia there could also be other motivations for the attack.

He said a state actor could be trying to gain a foothold in Australia's systems to shut down schools, hospitals and key industries in the event of war.  

Another aim could be to access classified government or commercial information, according to Professor Matthew Warren of RMIT University.

Mr Savvides said he believes Mr Morrison made the announcement today to tell the attackers 'we're on to you and we know what you're up to'. 

Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure the attacker is China. 

'The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities,' he told The Australian.  

'The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.' 

We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used 

Prime Minister Scott Morrison 

The Prime Minister said investigations by the Australian Cyber Security Centre so far have not found any personal data has been leaked. 

He said 'many' entities have been targeted but the success of the attacks has been 'less significant'. 

'Australian organisations are currently being targeted by a sophisticated state-based cyber actor,' he said today after calling a press conference at short notice.

'This activity is targeting Australian organisations across a range of sectors, including all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure. 

'We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used,' he said.   

'Regrettably, this activity is not new. Frequency has been increasing.'

Mr Morrison said he would not name the enemy government because the threshold for attributing a cyber attack is very high. 

He said he has spoken to Five Eyes allies including UK Prime Minister Boris Johnson last night - and also informed leader of the Opposition Anthony Albanese and state and territory leaders.

Who was behind attack and why? 

Prime Minster Scott Morrison has refused to name any suspects.

But Senior sources have told said that government agencies believe China is behind the campaign to hack into the systems of Australian companies and government service providers.  

Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia there are ten to 15 states that could be behind the attack including Russia, China, Iran and North Korea.

He said motivation for a state-sponsored cyber attack can be to gain a foothold in an enemy's systems to shut down schools, hospitals and key industries in the event of war.  

'Attribution is really hard because you can be anyone you want to be in cyber space,' Mr Savvides said.

'Hackers can make operations look like they come from another state by mimicking another state actor. 

'To some it may sound like Scott Morrison is trying to get out of naming a suspect but I sympathise with him.

'We're in a heightened geopolitical climate so you would want to be absolutely sure and have evidence you can publicly state before you name some-one.'

Mr Savvides said the Prime Minister had used 'very powerful language' by declaring the attack was by a state. 

+11

Chinese President Xi Jinping attends the opening of the National People's Congress at The Great Hall Of The People on May 22

He said current trade tensions with China may lead people to believe the attack was ordered by Beijing - but another state could be capitalising on this to get away with it.  

Mr Savvides said he believed Mr Morrison gave the press conference today to tell the attackers 'we're on to you and we know what you're up to'. 

Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure it was China. 

'The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities,' he told The Australian.  

'The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.'  

Lion, which has a portfolio including Little Creatures, XXXX, Tooheys and James Squire, was hit with a cyber attack on June 8

Defence Minister Linda Reynolds said: 'There is no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact.' 

She urged businesses to check their cyber security and take extra steps such as ensuring employees use multi-factor identification before logging in to devices. 

Food and drink company Lion was forced to shut down production for eight days after a cyber attack on its systems on 8 June.

Mr Morrison said that attack was not related to the state attack announced today.  

Lion, which produces Little Creatures, XXXX, Tooheys and James Squire, shut down its Little Creatures brewery in Geelong. 

The education sector has been targeted by the cyber attacks which have been happening for months 

The cyber attack has resulted in temporary shortages or out-of-stock products in kegs, bottles and cans. 

An attack on the federal parliament and three largest political parties before the general election last year was earlier this year attributed to China by security agencies.Matt Warren, from RMIT University Centre for Cyber Security Research and Innovation, said cyber attacks were 'the new normal'.

'It's not that there's an increase in cyber-attacks, but we're seeing these attacks be more successful because what they're focusing on is the human aspect,' he told the Geelong Advertiser.

'It also highlights that organisations aren't prepared for it.

Steps to improve cyber security 

Defence Minister Linda Reynolds urged businesses to check their cyber security and take extra steps such as ensuring employees use multi-factor identification to use devices. 

She said: 'Firstly, patch your Internet facing devices promptly, ensuring that any web or email servers are fully updated with the latest software. 

'Secondly, ensure you always use multifactor authentication to secure your Internet access, infrastructure and also your CLOUD-based platforms. 

'Thirdly, it's important to become an ACSC partner to ensure you get the latest cyber threat advice to protect your organisation online.' 

'It's actually a relatively easy cyber attack to recover from, but the problem is because organisations have now become complex, they haven't kept up their backup resilience strategy to reflect their operations.'     

Earlier this week Australia launched six warships into the Indo-Pacific for training operations ahead of huge show of force in the region with the US Navy.

HMA Ships Canberra, Hobart, Stuart, Anzac, Ballarat and Arunta all left their base in Sydney Harbour on Monday.  

They will conduct 'task group training' before taking part in a warfare training exercise with the US and other allies known as the Rim of the Pacific in August.

+11

Australia has launched six warships into the Indo-Pacific for training operations ahead of huge show of force in the region with the US Navy. Pictured: HMA Ships Stuart (foreground), Hobart and Canberra (background) depart Fleet Base East in Sydney

Left to right: HMA Ships Stuart, Hobart and Canberra depart Fleet Base East in Sydney for Force Integrated Training

The exercise is the world's largest international maritime warfare training mission, held every two years from Honolulu, Hawaii. 

A defence spokesman said the ships are 'currently conducting maritime task group training under strict COVID-19 preventive measures'.

It comes amid trade tensions with China after Australia angered Beijing by calling for an inquiry into the origins of coronavirus which erupted in Wuhan.

In recent months China has increased training exercises in the Pacific and started trailing its first homemade aircraft carrier. Prime Minster Scott Morrison said China should not be shocked by the show of force. 

'These are our routine partnerships and exercises that we do. There's nothing extraordinary about that,' he told Sydney radio 2GB. 

'I don't think it would cause anyone any surprise who are looking in from elsewhere.'

HMAS Sirius departs Fleet Base West for taskgroup force integrated training

Left to right: HMA Ships Canberra, Hobart and Stuart depart Sydney Harbour on Monday