Australia has suffered an enormous ‘state-based’ cyber attack on its government, education, health, and business sectors, according to the PM

(Sam Mooy, Getty Images)

The Prime Minister has revealed that Australia has been the target of a large-scale cyber attack.

Briefing media on Friday morning, Scott Morrison said the attacks had been comprehensive in scope, aimed at the government, education, health, and business sectors.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” Mr Morrison told reporters at an impromptu media conference held at Parliament House.

Morrison said cyberattacks on Australia had been increasing over recent months. While he did not name the country behind the attack, given rising political tensions, China was immediately at the fore of speculation.

“What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the action of a state-based actor with significant capabilities,” he said. “There aren’t too many state-based actors who have those capabilities.”

After the press conference concluded, ABC reported that government officials believe the state actor behind the attack was China. Business Insider Australia, however, has not been able to confirm this independently.

The “malicious cyber activity” appears to have been aimed at critical health infrastructure, as well as other government services and the business community.

Appearing alongside Morrison, Defence Minister Linda Reynolds said businesses were being briefed and instructed to upgrade their security measures, add multi-factor authentication, patch their online systems and request government assistance if required.

Underlining the seriousness of the situation, Morrison revealed he had spoken with British Prime Minister Boris Johnson about the attack. The government has also briefed the federal opposition on the matter.

The Australian Cyber Security Centre (ACSC) has published more details on exactly how the attack worked. It revealed that the actor tried to “leverage public exploit proof-of-concepts” to target government infrastructure and when that method failed, turned to spearphishing, using emails to target victims.

According to the ACSC, this included links to credential harvesting websites; emails with links to malicious files, or with the malicious file directly attached; links prompting users to grant Office 365 OAuth tokens to the actor; and the use of email tracking services to identify email opening and lure click-through events.

Curiously, while the attackers were trying to gain access, it’s not clear what they intended to do once they had it.

“During its investigations, the ACSC identified no intent by the actor to carry out any disruptive or destructive activities within victim environments,” the ACSC said in a statement.

More to come.