May 6, 2024
Australia’s spy agencies were told twice that a group of Australian MPs belonging to an international committee on China had been targeted by Chinese hackers — but the authorities chose to keep the MPs in the dark about the cyber attacks.
The Nightly understands that a Five Eyes intelligence agency first warned Australia’s agencies in mid-2021 that the attacks had taken place in January 2021.
In June 2022, the FBI formally notified Australian authorities about the attempts by a Chinese hacking group called APT31 to target six Australian MPs.
However, the agencies decided not to tell the Government or the MPs affected.
Instead, the 20 Australian MPs belonging to the Inter-Parliamentary Alliance on China (IPAC) only learned of the attempted attack when the US Department of Justice released its indictment against seven Chinese hackers in April this year — three years after the first warning was provided.
MPs angrily demanded an explanation from ASIO about why they weren’t informed.
After being given a briefing they released a statement and said in a joint statement: “It is now undeniable that Australian legislators were targeted by a foreign power in an unacceptable attempted infringement of Australian sovereignty.
“This was an attack on Australian parliamentarians from both houses and both parties who have dared to exercise their legitimate democratic right to criticise Beijing.
“As such, it was an attack on Parliament as a whole and demands a robust and proportionate response.
“We have now been briefed by agencies and have received an assurance that agencies will inform MPs about future attempts to target them, particularly by state-sponsored groups.”
By contrast, Lithuanian MPs who were also targeted were informed by their agencies after the FBI’s notification in 2022.
The Australian Signals Directorate which manages cybersecurity has been contacted for comment.
It is understood that Australian agencies decided against telling MPs because they deemed the attacks crude and unsuccessful, and happened at a time when MPs and the public were already being warned to take their cyber security into account.
The Australian MPs targetted were former Liberal MP Tim Wilson, Labor MPs Daniel Mulino and David Smith as well as Liberal Senators Alex Antic and Claire Chandler and the opposition’s home affairs spokesman James Paterson.
Mr Paterson, also co-chair of IPAC Australia, said the attempted hack was “not the act of a friend.”
“We should have publicly attributed this conduct as the US, UK and New Zealand have done, and we should be prepared to use our Magnitsky style sanctions to start to put a cost on this behaviour,” he said.
“All of that is harder to do if MPs are not informed in the first place that they are being targeted, as are preventative measures to protect ourselves from this and more sophisticated attempts.
“It is welcome that our agencies have agreed to inform parliamentarians in the future if we are ever again specifically targeted in this way.”
APT31 hackers targeted MPs with spoof emails from a domain masquerading as a news outlet that, if opened, tracked their online behaviour.
According to the FBI’s indictment released last month, the hackers began spamming various government individuals from across the world who were part of IPAC ‘in or about 2021.’
“The Conspirators registered and used ten Conspirator-created accounts on an identified mass email and mail merge system to send more than 1000 emails to more than 400 unique accounts of individuals associated with IPAC,” the indictment said.
Luke de Pulford from IPAC said Australia’s approach was disappointing.
“For years we have all looked to Australia as the vanguard of the Five Eyes when it comes to China,” he said.
‘It is disappointing that not only were elected representatives denied the ability to defend themselves against a hostile act, the people of Australia were also kept in the dark.
“The point of IPAC is to better coordinate how we democracies protect ourselves and to properly debate how to manage our complex relationships with China we must be given the full facts.”
Mark Kelly, a threat intelligence analyst with the cybersecurity firm Recorded Future said the APT31 hackers sent phishing emails that contained tracking pixels or code snippets often used in email and web marketing campaigns that track user interaction.
“APT31 used these to extract initial information from the targets, such as whether they opened the email, at what time, and what type of device they used,” he said.
“This would then allow for future tailored targeting of these individuals which would likely attempt to gain direct access to their email accounts or to infect their devices with malware.
“The end goal of this activity is likely to gather intelligence on these individuals on behalf of China’s Ministry of State Security to support a variety of outcomes.
“These outcomes likely range from the collection of traditional political intelligence on issues like foreign and economic policy through to malign influence efforts against perceived critics of the PRC, including seeking to undermine the credibility or influence of specific individuals or groups.”
Last month FBI Director Christopher Wray said his organisation was struggling to keep up with the scale of Chinese hacking as it was larger than that of every other major nation combined.
“If you took all of the FBI’s cyber agents and cyber intelligence analysts and focussed them exclusively on China — forget ransomware, forget Iran, forget Russia — Chinese hackers would still outnumber FBI cyber personnel by at least 50 to one,” he told the Vanderbilt Summit on Modern Conflict and Emerging Threats.
“That’s actually probably a pretty conservative estimate because the Chinese government has also shown a penchant for hiring cyber criminals to do its bidding.
“In effect, cyber mercenaries further supplement that gigantic workforce.”