Australia Hit by Cyber Attack from ‘A State-based Actor, with very Significant Capabilities’

By Jarren Buendia on August 14, 2020

Executive Summary:

According to multiple sources, Australia has been the target of increasingly frequent, and sophisticated, state-based cyber attacks over many months. The Prime Minister of Australia, Scott Morrison, announced that multiple organizations, from both public and private sectors, have been attacked. In addition, based on Morrison’s description of the attacker, the perpetrator has to be a highly-capable, nation-state actor, which limits the suspect list to high-profile countries (China, Russia, Iran, etc.). However, while Australian parliament all but names a suspect, Australia’s trade minister, Simon Birmingham, pushes hard to re-establish trade agreements with China. Chinese tariffs on Australian exports come after choice comments were exchanged between Australia and China due to Covid-19. So while the motive may be there, and security experts agree that China is a possible (as well as one of the more probable) suspect, the Prime Minister specifically declined to comment about China. Thusly, if China is behind these attacks, but Australia declines to attribute them as the attacker, in order to strengthen trade in the current Covid-19 era, this situation shows how even national security can give way to economic power and influence.

Open Source Intelligence (OSINT) Details:

According to the Guardian newgroup, Morrison spoke about the depth and nature of the recent cyber attacks at a media conference in Australia’s capital city of Canberra (Hurst, 2020). He stated that, “malicious cyber-activity was ‘increasing in frequency, scale, in sophistication and its impact” (Hurst, 2020). Presently, Australia’s government has not attributed the attack to any specific actors. However, Morrison stated that the attacker is, “a state-based actor, with very significant capabilities […] because of the scale and nature of the targeting and the tradecraft used” (Hurst, 2020). The Prime Minister went on to say that targets ranged from, “all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure” (Hurst, 2020).

In terms of technical details, the Guardian quotes Australia’s Cyber Security Centre (ACSC) as stating the technique used in the attacks as “copy-paste compromises” (Hurst, 2020). What this means is that, in the attacker’s goals of compromising public-facing infrastructure, they copied heavily from open source code (Hurst, 2020). However, the Guardian article also reported that those attacks failed, so the actor(s) moved on to spear phishing. The Prime Minister also stated that the frequency of attacks has increased, “over many months,” and investigations have not revealed any “large-scale personal data breaches” (Hurst, 2020).

Although “sophisticated state-based actors” could mean a number of nations, many experts and reports are naming China as a strong potential culprit. The reason for this comes from the fact that tensions between Australia and China have risen significantly due to Covid-19 (Hurst & Kuo, 2020). The short version is that Australia’s “vocal and early calls for an independent inquiry into the origins and handling of Covid-19,” had angered the Chinese government to the point that they imposed trade tariffs against Australia and warned students/tourists that they would be met with racism within the country (Hurst & Kuo, 2020). In light of this warning, Australia’s foreign minister, Marise Payne, characterized it as “disinformation” (Hurst & Kuo, 2020). In response, the Chinese government criticized the Australian government, accused them of shifting attention away from victims, and slandering the country (Hurst & Kuo, 2020).

Finally, while Australian trade minister, Simon Birmingham, does not want to compromise on his country’s values or policies, he passionately seeks to rebuild trade relations with China. According to the Guardian, Birmingham voiced his frustrations about not being able to speak to his Chinese trade counterpart for over a month, stated that Australia is “ready to talk,” and also appealed to China in order to, “[…]realize the mutual benefits of trade with Australia” (Hurst & Kuo, 2020). Lastly, Birmingham also stated that, “an inward-looking Australia ‘would be a smaller, poorer Australia’” (Hurst & Kuo, 2020)

Potential Impacts:

In terms of Australia being the target of coordinated cyber attacks, that isn’t newsworthy in itself. As we’ve seen over the last few months, cyber attacks have increased exponentially due to Covid-19. The global pandemic has given malicious actors both an overwhelming motive, as well as unprecedented circumstances/attack surfaces (i.e. many people working from home). However, that isn’t to say that this public announcement should be dismissed. For the Australian Prime Minister to specifically speak about these attacks means these incidents are concerning at best, and destructive at worst. In addition, if allegations are true, that the culprit is China, and the motive is retaliation, more countries could join Australia in announcing they are being heavily cyber targeted. Especially countries that were “vocal” and “early” in their statements about Covid and China.

Secondly, even though details about the effects of these attacks are being withheld, it appears that China has the means and the motive. If the Australian government does attribute China, that could be one of the last straws for trade relations. Based on how vehemently Birmingham wants to discuss the trade tariffs with China, it appears that if trade tensions remain the same, or worsen, it will have/already does have a significant impact on Australia’s economy.

Lastly, according to a similar BBC article, “It’s hard to be 100% sure that China could be behind this, but what we know is that Australia’s leadership has chosen a moment when its relationship with its powerful trading partner is at an all-time low to announce publicly that it is under cyber-attack from a powerful state” (BBC, 2020).

Significance:

There are several points of significance with Australia being heavily cyber-targeted. However, the most significant point I find is Australia’s apparent tight-rope walk between attribution and appeasement. For the reasons stated above, and others that aren’t publicly available, cyber-experts say China is a strong possibility (BBC, 2020). Peter Jennings, the head of the Australian Strategic Policy Institute (and former senior defense official) stated that, “there is one country that has the skill, depth of capacity and a real motive to want to do it and that is China” (Hurst, 2020). In addition to that, the Prime Minister stated that the threshold of evidence to attribute these attacks to a particular country is extremely high, but would only happen if it was in Australia’s national interest (Hurst, 2020). Moreover, which would align with the idea that China has retaliation as a motive, the Chinese government both denied claims that they are the perpetrators, as well as repeated they are constantly the victim of cyber attacks.

However, even with that said, Australia is trying to remain in China’s favor for economic purposes. Birmingham is trying to initiate conversation with China (saying that Australia is ready to talk), appealing to the mutual benefits that would come from less restricted trade, and is a staunch opposer to the idea of closing Australia’s borders to foreign competition by taxing imports (AKA protectionism). Thusly, to summarize, a not-insignificant amount of signs point to China as being the culprit here, but it would not be in Australia’s best interests to strain their economic tensions with a powerhouse like China, further. Nation-state actors conduct cyber attacks for intelligence gathering, political leverage, and military posturing (Chapman, 2015). Recently, countries are conducting more frequent attacks against other countries, in order to gather Covid-19 information; however, that is not the only reason. The world, not just Australia, could find itself in situations where the frequency of attacks won’t lessen, the sophistication won’t simplify, and the intent to damage will not decrease, mostly because there are not many consequences for China. What happens behind closed doors is a completely different story, but in the public eye, China is too big a market for many countries to comfortably strain relations with. When it comes down to it, sometimes national interests have the possibility to give way to economic power.

Sources:

“Planning for Malicious Activity on Communications Networks.” Sept 2015. Retrieved From: ijert.org. Retrieved: 01 July 2020.

“Australia cyber attacks: PM Morrison warns of ‘sophisticated’ state hack.” 19 June 2020. Retrieved From: bbc.com. Retrieved: 01 July 2020.

“China hits back at Australia’s ‘rubbish’ accusations of spreading disinformation.” 17 June 2020. Retrieved From: theguardian.com. Retrieved: 01 July 2020.

“Advisory 2020-008: Copy-paste compromises – tactics, techniques and procedures used to target multiple Australian networks.” 19 June 2020. Retrieved From: cyber.gov.au. Retrieved: 01 July 2020.