Hackers target Australian Government, businesses in major cyber attack

A “significant state-based cyber actor” has launched a massive cybersecurity attack on the Australian Government and businesses across the country.

Prime Minister Scott Morrison confirmed the significant intrusion at a press conference in Canberra on Friday morning.

“I’m here today to advise you that, based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated State-based cyber actor,” the Prime Minister said.


It’s understood the target of the hackers include all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure. 

“We know it is a sophisticated State-based cyber actor because of the scale and nature of the targeting and the trade craft used,” Mr Morrison said.

He confirmed the Australian Cyber Security Centre has been actively working with targeted organisations to ensure that they have “appropriate technical mitigations” in place and their “defences are appropriately raised”.

“Thanks to the cooperation between the affected entities, the Australian Cyber Security Centre and a range of private cyber security providers, we have been working together to thwart this activity,” Mr Morrison said.

When asked what nation was suspected to be behind the attack, Mr Morrison said the “threshold for public attribution on a technical level is extremely high.”

“Australia doesn’t engage lightly in public attributions and when and if we choose to do so is always done in the context of what we believe to be in our strategic national interests. 

“What I can confirm is there are not a large number of State-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a State-based actor, with very significant capabilities.”

When probed whether China may be behind the attack following increasing tensions between the two countries, the Prime Minister said “I can only say what I have said”.

“The Australian Government is not making any public attribution about these matters. We are very confident that this is the actions of a State-based actor.

“We have not gone any further than that. I can’t control what speculation others might engage in on this issue or, frankly, any other. I have simply laid out the facts as we know them.”

Thankfully it’s understood the personal and financial details of Australians have not been compromised at this stage.

“The advice I have is that the investigations conducted so far have not revealed any large scale personal data breaches,” Mr Morrison confirmed.

The motive behind the malicious attack, which has reportedly been underway for “quite some time”, remains unclear.

“It is difficult to understand what one’s motivation might be for that,” Mr Morrison admitted.

“What is of interest to us is that it is occurring and what we are focused on is the practices that they’re employing and we have some of, if not the best agencies in the world, working on this and that means that they are putting all of their efforts in thwarting these attempts.”

The Prime Minister said the Government was raising the issue “not to raise the concerns of Australians, but in many ways to reassure Australians that we understand what’s going on here and we are addressing it to best of our capabilities”.

The Federal Government said they will be investing more money in the coming months to further protect the country in the cyberspace, however businesses and individuals are now being urged to ensue their security is up to date.

Defence Minister Linda Reynolds said there are three simple steps people can take to protect themselves.

“Firstly, patch your internet-facing devices promptly, ensuring that any web or email servers are fully updated with the latest software,” she said.

“Secondly, ensure you always use multi-factor authentication to secure your internet access, infrastructure and also your cloud-based platforms. Thirdly, it’s important to become an ASSC partner to ensure you get the latest cyber threat advice to protect your organisation online.”

Notify of
newest most voted
Inline Feedbacks
View all comments

“State based” is China right?
Why not just say China – Trump has no problems dumping on China as much as possible.
Scotty from marketing must be concerned about “Offending” someone.