Prime Minister Morrison suspects a high-tech state is behind the large-scale cyber attack. China is forced to deny.

When a prime minister arranges a press conference to speak on a single topic, it alone shows the importance the government attaches to it. On Friday, Australian Prime Minister Scott Morrison, accompanied by Secretary of Defense Linda Reynolds, stepped in front of the cameras in Canberra to publicize that “Australia is the target of a cyberattack by a highly developed state actor”. The attack is directed against “all levels of government”, the economy, political organizations, education and healthcare, providers of systemically important services and operators of critical infrastructures.


He did not say which country the experts blame for, on whose advice Morrison went public. Only that, given the scale of the attacks, the nature of the targets and the technical skills, you are sure that you are dealing with a state actor. Morrison also left the question of whether the government knew which country was behind the attacks. The threshold for a public write-up is “very high”. But there are “not a very large number” of such actors. However, according to reports from the Australian media, it is clear that China is responsible for the attacks. The Ministry of Foreign Affairs in Beijing immediately responded to the reports with a denial.

China is Australia’s main trading partner. Relations are tense anyway, not least because Morrison was one of the first leaders to call for an international investigation into the origins of the corona pandemic in China, as did US President Donald Trump. China recently imposed punitive tariffs on agricultural products from Australia and stopped meat imports – officially because of allegations of dumping. At the same time, it warned its citizens against traveling to Australia. It is unclear whether the attacks are related to Canberra’s response to the pandemic. Morrison merely said that they had “been going on for months.” In terms of security policy, Australia is closely allied with the United States. Morrison said that he had briefed British Prime Minister Boris Johnson and that the other partners in the Five Eyes agency cooperation, which included Canada and New Zealand, as well as the United States, were also informed.

It’s not the first time that Australia’s IT security is at risk

In February and March 2019, the Australian Parliament and political parties had become the target of spies on the Internet. Even then, Australia’s secret services saw a state actor as the originator of the attacks, nor was he publicly named. However, government officials left no doubt at the time that China was responsible for the attacks. Technically, according to the Australian authorities, there are similarities between the two waves of attack.


According to the Australian media, the trigger for Morrison’s warning was an assessment by the secret services. They felt it was necessary to raise the alarm on government agencies and companies so that they could better protect their IT systems. So far, the attack should not have resulted in large-scale flow of personal data, nor would the attackers have attempted to cause damage or shut down systems. The breadth of the attacks suggests that important institutions should be systematically spied on. Michael Sentonas, chief technology officer at Crowd Strike, said that cyber attacks have increased significantly since the beginning of the year.

The attackers mainly use publicly known vulnerabilities to penetrate networks. They succeed because in many cases security gaps are not immediately filled. The government’s goal is to change this. The publication of the attack should not panic the public, but should raise awareness, said the prime minister. Where the attackers were unable to penetrate networks directly via websites, for example, they tried using personalized emails and other techniques, according to the Australian Signals Directorate, the secret service for technical intelligence, which also runs the Center for Cyber ​​Security, which reports to the Ministry of Defense. It called for all IT systems to be updated within 48 hours of the discovery of security gaps.