May 26, 2023
A Chinese hacking group that has been spying on US critical infrastructure in the Pacific for the past two years has likely already infiltrated similar systems in Australia, cyber experts have warned.
Australia and its Five Eyes security partners have called out China over hacking activity targeting infrastructure assets in Guam, an island in the west Pacific Ocean that is also an important military base for America.
Tech giant Microsoft detected the “stealthy and malicious” hacking activity, confirming it had been occurring since mid-2021.
“Mitigating this attack could be challenging,” Microsoft said in a statement.
Australia joined the US, Canada, New Zealand and the UK in condemning the hack and named the source as a group connected to Chinese authorities.
“The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon,” the Five Eyes statement said.
Home Affairs Minister Clare O’Neil confirmed there had been “evidence-based attacks” on US assets originating from the Chinese government.
“There’s no question about that and we’re not going to be shy when we know who is responsible for that activity,” she said.
Opposition home affairs spokesman James Paterson said it was “not acceptable” China had targeted civilian infrastructure.
“There’s no doubt in my mind that if this is happening in US critical infrastructure networks, then it’s happening on our networks too,” he said.
Microsoft said the hacking campaign had “affected organisations spanning the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors”.
“Observed behaviour suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft said.
CyberCX chief strategy officer Alastair MacGibbon said the “very stealthy” and “long term” hacking activity by China was “sophisticated” in its approach.
“This cyber offender isn’t in a high-vis vest with a sledgehammer smashing away, which is the typical one we deal with,” he said.
“This is someone wearing a camouflage suit, carefully cutting the barbed wire and getting into an organisation.”
Mr MacGibbon said if the Five Eyes countries were jointly warning of activity so far only detected in the US, it was likely because they believed other nations, including Australia, were also currently being spied on in this way.
“They either think critical infrastructure in Australia has been targeted, or we will be targeted,” he said.
“This is a signal not just to China to back off, it’s a signal to critical infrastructure owners and operators – to largely private sector entities – to start looking for this type of activity.”
Mr MacGibbon said knowing about the Guam incidents made it “easier,” but not necessarily “easy” for Australian companies to detect similar activity.
“The average system owner is going to have to go out and try to educate themselves on this and that’s tough,” he said.
“But the first step is knowing that you’ve got to look for something.”