China is blamed for huge cyber attack on Australian businesses, schools and hospitals amid increasing war of words between Canberra and Beijing over calls for international inquiry into COVID-19
- Australia is being targeted by an ongoing series of cyber attacks on institutions
- The Prime Minister said a 'sophisticated state-based' actor was behind attacks
- Government agencies believe China is culprit, Daily Mail Australia understands
- The attacks have been happening for 'many months' but have been increasing
- Australia's relations with China have deteriorated since March over coronavirus
Australia is under cyber attack from a foreign state targeting universities, hospitals, industry and governments, Prime Minister Scott Morrison said today - with suspicion immediately falling on China.
Mr Morrison said a 'sophisticated state-based actor' was behind ongoing attacks which have been happening for 'many months' but have dramatically increased recently.
Security chiefs say the attackers are using the so-called 'spear-phishing' method to steal sensitive login details by sending malicious emails, before hiding under cover of 'legitimate remote accesses' once they gain entry.
The PM refused to name any suspects but said there are 'not a large number' of countries which can carry out such large-scale cyber operations.
Senior sources have told Daily Mail Australia that government agencies believe China is behind the relentless campaign to hack into the systems of Australian companies and government service providers.
Beijing and Canberra have been at loggerheads since Australia - a US security ally - became the first nation to call for an inquiry into the origins of coronavirus in March.
China retaliated by slapping an 80 per cent tariff on Australian barley and telling students and tourists not to travel Down Under in an apparent attempt to damage the Australian economy.
Senior sources have told Daily Mail Australia that government agencies believe China is behind the campaign. Pictured: Chinese President Xi Jinping at the 70th Anniversary of the founding of the People's Republic of China in October
Australia's Cyber Security Centre said today that the attackers had been staging a 'sustained targeting of Australian governments and companies'.
Australia is part of the Five Eyes intelligence-sharing network - along with Britain, Canada, New Zealand and the United States - which give the country access to advanced capabilities, but also makes it a rich target for adversaries.
Security chiefs say the hackers are sending emails with malicious links, which divert people to hazardous websites or prompt them to grant access to Office software.
These malicious tactics are known as 'spear-phishing' because they are more precisely targeted than traditional 'phishing' scams.
Four specific methods used in the Australian cyber attack include:
- Sending links to 'credential-harvesting websites' which collect usernames and passwords;
- Emails with links to malicious files, or with the malicious file directly attached;
- Links prompting users to grant Office 365 authentication tokens to the attackers;
- Use of email tracking services to identify when emails are opened and lure so-called 'click-through events'.
Once they breach a sensitive network, the attackers have been 'migrating to legitimate remote accesses using stolen credentials' and continuing to use the systems unnoticed, Australian officials say.
In addition, the hackers are 'regularly conducting reconnaissance of target networks looking for vulnerable services', pouncing on weaknesses in Microsoft, SharePoint and Citrix software.
The attackers may be 'maintaining a list of public-facing services to quickly target following future vulnerability releases', it is believed.
They have also 'shown an aptitude' for targeting unfinished or little-used software that is 'not well known or maintained by victim organisations,' officials say.
The Security Centre also referred to the attacks as 'copy-paste compromises', because much of the malicious code used by the attackers is freely available.
Officials say that some Australian firms and organisations had failed to upgrade their security systems despite the weaknesses being 'publicly known'.
A huge cyber attack has been aimed at the Australian government. Pictured: PM Scott Morrison
Chinese troops marching during a military parade in Tiananmen Square in Beijing to mark the 70th anniversary of the founding of the People's Republic of China
Intelligence officials attributed a major cyber attack on the Australian parliament last year to China - and critics say intensifying attacks could be part of a Chinese campaign to intimidate or bully Australia as tensions over trade foment.
Australia enraged China by calling for an investigation into the origins of the coronavirus pandemic and by accusing China of fuelling a virus 'infodemic' and engaging in economic 'coercion'.
China has warned its students and tourists against going to Australia, threatened more sanctions and sentenced an Australian citizen to death for drug trafficking.
Beijing and Canberra have also sparred over access to natural resources, maritime claims and the use of Chinese state-backed technology companies.
Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia there could also be other motivations for the attack.
He said a state actor could be trying to gain a foothold in Australia's systems to shut down schools, hospitals and key industries in the event of war.
Another aim could be to access classified government or commercial information, according to Professor Matthew Warren of RMIT University.
Mr Savvides said he believes Mr Morrison made the announcement today to tell the attackers 'we're on to you and we know what you're up to'.
Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure the attacker is China.
'The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities,' he told The Australian.
'The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.'
We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used
Prime Minister Scott Morrison
The Prime Minister said investigations by the Australian Cyber Security Centre so far have not found any personal data has been leaked.
He said 'many' entities have been targeted but the success of the attacks has been 'less significant'.
'Australian organisations are currently being targeted by a sophisticated state-based cyber actor,' he said today after calling a press conference at short notice.
'This activity is targeting Australian organisations across a range of sectors, including all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
'We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used,' he said.
'Regrettably, this activity is not new. Frequency has been increasing.'
Mr Morrison said he would not name the enemy government because the threshold for attributing a cyber attack is very high.
He said he has spoken to Five Eyes allies including UK Prime Minister Boris Johnson last night - and also informed leader of the Opposition Anthony Albanese and state and territory leaders.
No comments: