Australia is under increasing pressure from state-sponsored cyber attacks, the Australian Signals Directorate (ASD) revealed on Wednesday. The attacks are believed to target “critical infrastructure and sensitive military secrets.” 

The Directorate’s latest report focuses on the potential risks to water supplies and electrical grids. While it did not attribute the recent hacks to a specific country, it noted the significant danger posed by Beijing in China, and Moscow in Russia.  

Australia under cyber attack

The report highlights an incident in May, in which Beijing-backed hackers breached “critical infrastructure sectors” in the United States. A warning was issued that similar techniques could be used by China to gain access to Australian systems. 

Furthermore, the report mentions the Russian ‘Snake’ malware network, a complex spy operation dismantled earlier this year by the US. 

“In 2022–23, ASD joined international partners to call out Russia’s Federal Security Service’s use of ‘Snake’ malware for cyber espionage, and also highlighted activity associated with a People’s Republic of China state-sponsored cyber actor that used ‘living-off-the-land’ techniques to compromise critical infrastructure organizations,” the report states.

Recent cyber security incidents

According to AFP, Australia has been hit by a string of high-profile hacks in the past 12 months, including one late last week that crippled major ports for three days. 

DP World was the latest target after it went offline for three days over the weekend. The downtime caused chaos since DP World is Australia’s largest terminal operator, responsible for 40% of the country’s maritime freight.

In addition, Australia’s largest private health insurer, Medibank, was under attack in November 2022. The personal data of more than 9.7 million individuals were compromised. In September of the same year, telecom giant Optus was hit by a data breach that affected 9.8 million customers. 

Following the September cyber attack, Optus disclosed that it brought consultancy firm Deloitte on board to conduct a detailed forensic investigation into the origins of the incident.  

Optus recently faced another setback in Federal Court after failing in its attempt to withhold a report from the 2022 cyber attack. Despite Optus’ attempts to claim legal privilege over the document, the court denied its request. 

Ongoing threats: The bigger picture

Experts have pointed out that inadequate safeguards and the accumulation of sensitive customer data have heightened Australia’s vulnerability to such attacks. More robust security measures are needed to protect infrastructure and data. 

Watch: Interview with Troy Hunt

This year alone, ASD responded to more than 1,000 cyber security incidents, 10% of which included ransomware. It also blocked over 67 million malicious domain requests, an increase of 176% from 2022.

Australian defense minister Richard Marles responded to the report’s findings, saying China has been “a source of security anxiety for our country.” He says the increasing number of cyber attacks coincides with the recent disruptive attacks on Australia’s infrastructure. 

Compiled by Cheryl Kahla, additional reporting from AFP. 

About the author

Cheryl has contributed to various international publications, with a fervor for data and technology. She explores the intersection of emerging tech trends with logistics, focusing on how digital innovations are reshaping industries on a global scale. When she's not dissecting the latest developments in AI-driven innovation and digital solutions, Cheryl can be found gaming, kickboxing, or navigating the novel niches of consumer gadgetry.