“Cyber attacks” on the Australian government and industry bodies are most likely being directed by China’s premier intelligence agency in retaliation for banning telco Huawei from the 5G network according to experts.
In August 2018, the Australian Government had banned Huawei and other companies from involvement in Australia’s 5G network.
Two former Australian officials confirmed that the Huawei ban sparked the malicious cyber campaign.
One of the former officials said evidence suggested the attackers may be linked to China’s most powerful intelligence service, the Ministry of State Security (MSS).
However, cybersecurity researcher Robert Potter — who has spent years investigating MSS intrusions around the world and has previously attributed breaches to them — said the low level of sophistication of the attacks made attribution difficult. “Based on the evidence, I’d say it strongly leans towards MSS,” he said. “The reality is that the tactics are so simple that it frustrates our ability to make complete attribution.”
China’s government on Friday evening rejected suggestions a large-scale hacking attack. A Chinese foreign ministry spokesman says he believes the claims of hacking originate from the Australian Strategic Policy Institute, which he says is funded by US arms companies and is making fictitious claims about China.
The Prime Minister held a press conference this morning to discuss the campaign of intrusions.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure,” he said.
One of the former officials said the campaign was widespread. The recent intrusions were likely designed to achieve two broad outcomes, the former official said.
“[This is] a concerted campaign against the Australian economy and political systems … for the purposes of gathering strategic information and causing economic damage.” The former official said it was likely some of the activity was also connected to attempts to steal information linked to Australia’s COVID-19 response.
On May 13, the FBI warned that China was attempting to steal US research data connected to the pandemic That came only a few days after a similar announcement by the Australia Cyber Security Centre (ACSC) — a division of Australia’s major electronic intelligence agency, the Australian Signals Directorate.
The ACSC warned of “advanced persistent threat actors” or APTs — groups of hackers often associated with foreign nations — targeting Australian COVID-19 data.
“APT groups may be seeking information and intellectual property relating to vaccine development, treatments, research and responses to the outbreak as this information is now of higher value and priority globally,” the announcement stated.
One of the former officials said the ACSC has previously pointed to this latest campaign via warnings in May and last year about vulnerabilities in web development tools created by Bulgarian company Telerik.
Yesterday, the ASCS published another advisory also related to Telerik which suggested spearphishing techniques were being used by a “sophisticated state-based actor”.
This article originally appeared on ABC.net