Karen Andrews on Tuesday morning declaring China ‘won’t get away with’ a huge cyber attack on 30,000 companies around the world
China ‘won’t get away with’ a huge cyber attack on 30,000 companies around the world, Karen Andrews said on Tuesday.
The Home Affairs Minister slammed Beijing for ‘undermining international stability’ after Australia joined the US, UK, European Union, New Zealand, Canada, and NATO in accusing Beijing of a large hack on the Microsoft Exchange email server earlier this year.
The allies alleged China’s Ministry of State Security used ‘contract hackers’ to attack companies and government bodies, costing them billions of dollars in stolen intellectual property, ransom payments and cyber-security defence efforts.
Chinese state media has branded the claims a ‘huge lie’ and said the US ‘enlisted’ its allies to ‘smear’ and ‘frame’ Beijing.
Independent Senator Rex Patrick called for sanctions on China but former national cyber security adviser Alastair MacGibbon said ‘the reality is consequences for China will be pretty low’.
Ms Andrews insisted naming and shaming Beijing was a punishment in itself.
‘They wont get away with it Scot-free. There are many nations that have come out and attributed this attack to China so there is significant reputational damage to China – they have been called out,’ she told reporters on Tuesday.
In the past, Australia attributed cyber attacks to Iran, China, North Korea, and Russia – but it’s rare to publicly single out a government.
Ms Andrews said Australia was willing to name China because it was backed up by allies and had a ‘very high level of confidence’ that Beijing was the culprit.
‘We will not compromise our position on sovereignty and national security, we needed to call out this malicious cyber attack,’ she said.
Ms Andrews said 30,000 businesses were affected worldwide but did not say how many in Australia.
‘It was a significant data breach and access was enabled to these systems so they could be commanded and controlled from outside the organisation,’ she said.
The Australian Government took a bold step in its ongoing diplomatic spat with China and it’s President-for-life Xi Jinping (pictured), naming the communist state as the party responsible for a series of ‘malicious’ cyber attacks
Asked if any customer data was taken, she said: ‘We do know that data theft happens here in Australia, we do know that identity theft happens here in Australia.’
Ms Andrews said Australian companies and individuals should make sure their data is secure and slammed China for undermining national security.
‘Australia publicly attributes cyber-incidents when it’s in our interests to do so, especially those with the potential to undermine global economic growth, national security and international stability,’ she said.
US Secretary of State Antony Blinken said the March hack of Microsoft Exchange, a top email server for corporations around the world, was part of a ‘pattern of irresponsible, disruptive and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security’.
China’s Ministry of State Security ‘has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain’, Blinken said in a statement.
In a simultaneous announcement, the US Department of Justice said four Chinese nationals had been charged with hacking the computers of dozens of companies, universities and government bodies in the US and abroad between 2011 and 2018.
Prime Minister Scott Morrison in June last year shocked the nation by outlining how an unnamed ‘state-actor’ had targeted banks, universities, hospitals, transport networks, electricity grids, and the military, as part of a lengthy cyber-warfare campaign against Australia.
China-watchers and security experts pointed the finger squarely at Beijing, with insiders claiming the cyber invasion was payback for Australia’s decision to ban Chinese state firm Huawei from the national 5G network in 2018 over national security concerns.
Scott Morrison (pictured) in June last year shocked the nation by outlining how an unnamed ‘state actor’ targeted banks, universities, hospitals, transport networks, electricity grids, and the military, as part of a lengthy cyber-warfare campaign against Australia
On Monday night Karen Andrews released a joint statement with Defence Minister Peter Dutton, Foreign Affairs Minister Marise Payne, and Minister for Home Affairs Karen Andrews on the latest attack.
‘In consultation with our partners, the Australian Government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia,’ the statement read.
‘These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.’
The statement went on to say the Australian Government was aware and seriously concerned that China’s Ministry of State Security was hiring ‘contract hackers’ to carryout intellectual property crimes on behalf of the Beijing.
‘Australia calls on all countries – including China – to act responsibly in cyberspace,’ the statement said.
‘China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.’
How are the attacks carried out?
The Australian Cyber Security Centre has identified the actor utilising various spearphishing techniques.
This spearphishing has taken the form of:
- Links to credential harvesting websites
- Emails with links to malicious files, or with the malicious file directly attached
- Links prompting users to grant Office 365 OAuth tokens to the actor
- Use of email tracking services to identify the email opening and lure click-through events
Source: Australia Cyber Security Centre
The government decided to call out China’s attacks to ‘highlight the significant risk they can pose to Australia’s national security or to international stability’.
Cyber attacks can ‘undermine business confidence’ and stagnate ‘inclusive economic growth’ – a key talking point of Chinese diplomats at international conferences.
While critical infrastructure and information intelligence remain Australia’s most heavily protected cyber assets, experts warned trust in democratic institutions is a vulnerable target.
They said the real goal of authoritarian powers such as China, Russia, North Korea and Iran is to overwhelm the west with paranoia and distrust in governments, media, science and independent judiciary.
‘While the nominal targets of this attack are unidentified, the deeper target is the institutional trust that enables Australia’s open democratic system to function,’ Flinders University national security analyst Dr Zac Rogers told news.com in the wake of last year’s attacks.
‘The threat of an enemy at the gates can pale in comparison to the damage done by the monster under the bed.
‘The irony of the age of information would be that it could herald the end of influence.’
Australia had a 60 per cent rise in ransomware attacks over the past year, with damages estimated to cost the economy about $1.4billion.
There were 291 Australian entities targeted with malware attacks in the year to April 2019. In the following 12-months that figure shot up to 459.
The Australian Federal Police recently set up Operation Orcus to combat the spate of online attacks against Australia by rogue regimes like Russia and China.
‘Australia’s cyber security posture is strong, but there is no room for complacency given the online threat environment is constantly evolving,’ the joint statement said.
‘Protecting Australia from malicious cyber activity – be it by state actors or cybercriminals – requires a continuous improvement approach to cyber security practices across all levels of society including government, business and households.’
‘The Australian Government will continue to work with international partners and the private sector to strengthen cyber security.’
The Joe Biden administration led the worldwide condemnation of China for state-sponsored ransomware attacks
The UK’s foreign secretary Dominic Raab demanded China stops its ‘systematic cyber sabotage’ as state-backed groups were blamed for Microsoft Exchange attacks
The disclosure comes as Canberra’s diplomatic relationship with Beijing continues to sour.
Communist Party officials were outraged when Mr Morrison’s government called for an independent inquiry into the origins of the coronavirus pandemic in April 2020.
The call for transparency was met with an array of arbitrary bans and tariffs on key Australian exports including barley, wine, beef, cotton, seafood, coal and timbre.
Intelligence officials attributed a major cyber attack on the Australian parliament last year, as part of Beijing’s campaign to intimidate or bully Australia as tensions over trade foment.
What you need to do NOW to avoid being hacked by China: The simple steps that help keep you safe online as cyber attackers target Australia
Last year then Defence Minister Linda Reynolds told businesses how to improve their cyber security as Australia faces a series of major cyber attacks from a ‘sophisticated state actor’.
Cyber experts said it was the first time in history that an Australian defence minister had addressed the nation with specific technical tips to avoid being hacked.
She urged businesses to check their security systems and take extra steps such as ensuring employees use multi-factor identification to log in to devices.
Defence Minister Linda Reynolds (left) today told businesses how to improve their cyber security as Australia faces a series of major cyber attacks from a ‘sophisticated state actor’
Ms Reynolds also warned companies to download recent software, secure their cloud-based platforms and report any breaches to the Australia Cyber Security Centre.
She said: ‘Firstly, patch your Internet facing devices promptly, ensuring that any web or email servers are fully updated with the latest software.
‘Secondly, ensure you always use multifactor authentication to secure your Internet access, infrastructure and also your CLOUD-based platforms.
Dane Meah of cyber security firm, InfoTrust, said the announcement ‘serves as a reminder that cyber security is crucial.’
‘Often security projects are one of the first to be scaled back during a recession and this could potentially cause even more damage to the Australian economy if we see businesses start to fall victim to these attacks,’ he said.
‘Our advice to businesses would be to complete a review of the controls, policies and procedures they currently have in place, including testing a response plan and making staff aware of threats.’