Australia has been targeted by a massive cyberattack from a “sophisticated state-based actor” this week, though officials are not revealing the country behind the attack.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” Prime Minister Scott Morrison announced on Friday.
Morrison added that the cyberattacks have hit all levels of government, in addition to political organizations, service providers, health and education, and other critical infrastructure areas.
He noted that the culprit has been attempting the hack for months, but recently amplified its effort to gain access to government networks. He also noted that there were not many with the capability of conducting such an attack, but refused to name the nation suspected of launching the attacks, despite being asked directly about the possibility of China’s involvement.
According to a threat advisory released by the Australian government, the hacker exploited vulnerabilities in Microsoft, SharePoint, and Citrix products.
The hacker was unsuccessful at fully exploiting public-facing infrastructure, but did deploy spearphishing tactics, such as emails containing malicious links or files and malware that tracks when a user opens an email, which they then used to gain access to the victim’s network and stolen credentials.
Despite breaching networks, the attacker did not conduct “any disruptive or destructive activities within victim environments,” the advisory stated.
Some experts are blaming China for the attack.
Australian Strategic Policy Institute executive director Peter Jennings told The Australian he is certain the culprit is China due to its interest in infiltrating governments.
“The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China,” Jennings said.
Other experts have rejected the notion that the attack was “sophisticated.”
“[The state actor campaign] doesn’t look very sophisticated,” UNSW professor of cybersecurity Richard Buckland told The Guardian. “It’s well-resourced in a large scale but I haven’t seen anything yet that’s super secret or super sinister. They’re using known techniques against known vulnerabilities and following known processes.”
China has vehemently denied being involved in the attack.
“China is a staunch upholder of cyberspace security and we have been the biggest victim of cyber attack,” China’s Foreign Ministry spokesman Geng Shuang said. “We have been firmly opposing and combating all forms of cyber attacks. Our position is clear and consistent.”
Two government sources told Reuters that the recent attack is identical to a 2019 cyberattack on the Australian parliament and three political parties. China was suspected of carrying out that attack, though it denied involvement.