Australia cyber attacks: PM Morrison warns of 'sophisticated' state hack

[MenInG]

Australia's government and institutions are being targeted by ongoing sophisticated state-based cyber hacks, Prime Minister Scott Morrison says.

Mr Morrison said the cyber attacks were widespread, covering "all levels of government" as well as essential services and businesses.

He declined to identify a specific state actor and said no major personal data breaches had been made.

The attacks have happened over many months and are increasing, he said.

The prime minister said his announcement on Friday was intended to raise public awareness and to urge businesses to improve their defences.

But he stressed that "malicious" activity was also being seen globally, making it not unique to Australia.

Who has been targeted?

Mr Morrison did not name specific cases but said it had spanned "government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure".

He did not give further details. Previously, defence manufacturers, government contractors and accounting firms have been among those to report data breaches.

Last year, the Australian National University said it had been hacked by a sophisticated operation which had accessed staff and student details.

Australia's main political parties and parliament were hit by a "malicious intrusion" earlier in 2019, also attributed to a "sophisticated state actor".

Who is behind it?

Speaking on Friday, Mr Morrison said officials had identified it as a state hack "because of the scale and nature of the targeting and the trade craft used".

"There are not a large number of state-based actors that can engage in this type of activity," he said, without giving specifics.

When asked to identify a country, Mr Morrison said he would not make "any public attribution".

Cyber intelligence experts have long linked various hacks in Australia to China.

They say China is one of the few states, along with Russia, Iran, and North Korea, which have the capacity for such attacks - and are not allied with Australia. However, they also note that cyber espionage between countries and even allies is common.

"There's always simmering tensions between Russia and China so really it comes down to those being the key actors they [Australia] would be referring to," expert Joshua Kennedy-White told the BBC.

The Reuters news agency has previously reported that Australian intelligence agencies suspected China of carrying out the parliament hack in 2019. Canberra declined to comment.

==

The unsaid part of the story: China

Shaimaa Khalil, BBC News Australia correspondent

The headline itself was clear. Many political, educational and health organisations have been targeted by a state-based cyber actor with "significant capabilities". However, much about Mr Morrison's press conference was understated.

For example, it was not clear why this announcement was made at this particular moment - given these attacks have been going on for a while. Mr Morrison made a similar announcement early last year.

Despite blaming a "sophisticated state actor", he refused to name names - even after being directly asked about the country almost everyone was thinking about: China.

Relations between the countries have grown tense in recent years but have significantly worsened after Australia echoed the US in calling for an inquiry into the origins of the coronavirus, first detected in China late last year.

China has since imposed tariffs on Australian barley, stopped beef imports and warned Chinese citizens and students about the "risks" of travelling to Australia for tourism or education because of racist incidents.

Australia has also ratcheted up its rhetoric. Last week, Mr Morrison said he would not give in to "coercion" from Beijing.

It's hard to be 100% sure that China could be behind this, but what we know is that Australia's leadership has chosen a moment when its relationship with its powerful trading partner is at an all-time low to announce publicly that it is under cyber-attack from a powerful state.

He said businesses - particularly health infrastructure and service providers - should improve their technical defences.

Cyber defence agencies had thwarted "many" hacking attempts but protection required "constant persistence and application", he added.

"We raised this issue today not to raise concerns in the public's mind, but to raise awareness in the public's mind," Mr Morrison said.

"We know what is going on. We are on it, but it is a day-to-day task."

Major cyber attacks in Australia

2020: Incidents reported across major Australian firms, including steel maker BlueScope, logistics firm Toll Group, and state government agency Services New South Wales

June 2019: The Australian National University revealed a "highly professional" group of up to 15 hackers gained access to student and staff details, as well as academic research, for about six months

February 2019: Australia's parliamentary computer network and political parties were subject of an attempted attack by a "state actor"

2017: Information about fighter planes and navy vessels was stolen from an Australian government contactor.

2015: Foreign spies attacked the Australian Bureau of Meteorology.

https://www.bbc.com/news/world-australia-46096768

 

[MenInG]

A wide range of political and private sector organisations in Australia have come under cyber-attack carried out by a “sophisticated state-based cyber actor”, the Australian government has revealed.

Scott Morrison disclosed the far-reaching attacks at a media conference in Canberra on Friday, while his defence minister declared that malicious cyber activity was “increasing in frequency, scale, in sophistication and in its impact”.

The government is not saying which country it believes to be responsible, except to say it is “a state-based actor, with very significant capabilities”.

The prime minister declined to respond to a specific question about whether it was China, after months of tensions in its relationship with Australia, but security experts later said they believed it, Russia and North Korea were the only countries that fell within Morrison’s description.

“I’m here today to advise you that, based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” Morrison told reporters.

“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. The Australian government is aware of and alert to the threat of cyber-attacks.”

The government’s Australian Cyber Security Centre issued advice on Friday on the techniques used in the attacks, which it described under the banner “copy-paste compromises” because the attacker had heavily copied from open-source code.

The ACSC said the attacker had attempted to exploit public-facing infrastructure. But when that did not succeed, the attacker used spearphishing techniques, including sending targets links to malicious files and websites aimed at harvesting passwords.

Morrison said the activity was “not new” but the frequency had been increasing “over many months”.

He said investigations conducted so far had not revealed any “large-scale personal data breaches” of Australians’ private information. Cybersecurity, he added, had been “a constant issue for Australia to deal with”.

The prime minister said Australia was working closely with its allies and partners to manage cyber threats. He had spoken with his British counterpart, Boris Johnson, about the issue on Thursday night.

Morrison said the government was speaking publicly about the issue not to raise concerns but to raise awareness. He encouraged organisations, particularly those in health critical infrastructure and essential services, to “implement technical defences to thwart this malicious cyber activity”.

The prime minister declined to name, at this stage, which country was believed to be responsible. He said the threshold of evidence to attribute an attack to a particular country publicly was “extremely high” and it would only ever be done in line with Australia’s strategic national interests.

“What I can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor, with very significant capabilities.”

Peter Jennings, head of the Australian Strategic Policy Institute and a former senior defence official, said China, Russia and North Korea had sophisticated cyber capabilities, but it was important to factor in motive, intent and purpose.

“There is one country that has the skill, depth of capacity and a real motive to want to do it and that is China,” Jennings told Guardian Australia.

Jennings said he believed the government was raising the matter publicly without naming China in an attempt to send a signal to Beijing to moderate its behaviour after recent tensions.

Morrison said the government would release a new cybersecurity strategy in the coming months and that would include significant further funding to strengthen defences.

He said the ACSC had been briefing states and territories and working with targeted organisations to ensure their defences were appropriately raised.

The defence minister, Linda Reynolds, said increasingly sophisticated malicious cyber activity harmed Australia’s national security and economic interests. She urged all Australian organisations to be alert to the threat and protect their networks.

The government briefed the office of the opposition leader, Anthony Albanese, on Thursday evening.

Last year Reuters reported Australian had intelligence determined China was responsible for a cyber-attack on the parliament and the three largest political parties before the May 2019 federal election, citing five sources with direct knowledge.

https://www.theguardian.com/austral...says-australian-prime-minister-scott-morrison

 

[MenInG]

SYDNEY (Reuters) - Australia views China as the chief suspect in a spate of cyber-attacks of increasing frequency in recent months, three sources familiar with the government’s thinking told Reuters on Friday.

The comments came after Prime Minister Scott Morrison said a “sophisticated state-based actor” had spent months trying to hack all levels of the government, political bodies, essential service providers and operators of critical infrastructure.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” Morrison told reporters in the capital, Canberra, but declined to say who Australia believed was responsible.

Three sources briefed on the matter said Australia believed China is responsible, however.

“There is a high degree of confidence that China is behind the attacks,” one Australian government source told Reuters, seeking anonymity as he was not authorised to speak to media.

China’s embassy in Canberra did not immediately respond to requests for comment.

Australian intelligence has flagged similarities between the recent attacks and a cyber-attack on parliament and the three largest political parties in March 2019.

Last year, Reuters reported that Australia had quietly concluded China was responsible for that cyber-attack.

Australia has never publicly identified the source of that attack, however, and China denied it was responsible.

As with last year’s attack, Australia’s chief cyber intelligence agency said on Friday its investigation had found no evidence that the perpetrator sought to be “disruptive or destructive” once within the host network.

Morrison said he spoke about the issue with British Prime Minister Boris Johnson on Thursday, while other allies have also received briefings.

Defence Minister Linda Reynolds said advice showed no large-scale personal breaches of data resulting from the attack, but urged users to fully update web or email servers with the latest software and use multi-factor authentication.

An Australian government source said Morrison’s public declaration was a bid to flag the issue to potential targets.

A U.S. security ally, Australia strained ties with its largest trading partner, China, by pushing for an international inquiry into the source and spread of the coronavirus that first emerged in the central Chinese city of Wuhan late last year.

China recently imposed dumping tariffs on Australian barley, suspended some imports of beef and warned its students and tourists against travel to the country, citing racism accusations.

Two-way trade stood at A$235 billion ($162 billion) last year.

 

[sweep_shot]

I hate it when essential services are targeted.

These hackers can be big cowards sometimes.

 

[globalcitizen]

This has been ongoing for few months now and this is a call of Scott the general public and various organisations to be cyber aware.
Data theft attempts has happened in large ddos attacks. This could be significant for some country like China who could use data to understand about research on vaccines or trade and make premeditated moves.
China is not known for any innovation of their own and trying to leech others hard work by using loads of money