“We know it is a sophisticated, state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” Mr Morrison said on Friday.
“The Australian government is aware of and alert to the threat of cyber attacks.”
He would not say which country was behind the attacks.
Asked if it was China, Mr Morrison said: “The Australian government is not making any public attribution about these matters.
“We are very confident that this is the actions of a state-based actor.
“We have not gone any further than that. I can’t control what speculation others might engage in.”
Mr Morrison said these were not new risks but were specific, targeted activities and he wanted to advise Australians and organisations so they can take action to protect themselves.
He said the investigations conducted so far have not revealed any large-scale personal data breaches.
Australia’s security agencies are working closely with allies and partners to manage it.
“I spoke to (British Prime Minister) Boris Johnson last night about a range of matters, including this one and there are a number of engagements with our allies overnight,” Mr Morrison said.
The prime minister also spoke to Opposition Leader Anthony Albanese on Thursday night on the issue, as well as state and territory leaders.
“Cyber attacks are a real issue,” Mr Albanese told reporters in the NSW town of Thredbo.
“What the evidence is, is that these attacks are expected to be more often.”
Last month a joint statement by the Department of Foreign Affairs and Trade and the Australian Cyber Security Centre said there had been “unacceptable malicious” cyber activity.
“Of particular concern are reports that malicious cyber actors are seeking to damage or impair the operation of hospitals, medical services and facilities, and crisis response organisations outside of Australia,” it said.
This week Lion brewery reported an IT system outage as a result of a ransomware attack.
“In response, we immediately shut down key systems as a precaution,” it said in a statement.
“There is still some way to go before we can resume our normal manufacturing operations and customer service.”
Toll Holdings also reported it was hit twice by cyber attacks in May.
CYBER ATTACK ON AUSTRALIA: KEY POINTS
* This is a “malicious” attack on government and private sector computer networks.
* No large-scale data breaches have been detected.
* A “state-based actor with significant capabilities” is behind the attack.
* Experts say the states most capable of these types of attacks are Russia and China.
* The frequency of attacks has increased in past months.
* State premiers and territory leaders have been alerted.
* Prime Minister Scott Morrison spoke with his British counterpart Boris Johnson about the issue on Thursday night.
* Australian security agencies are working to thwart the attacks and are providing advice to those under attack.
TYPES OF ATTACK
The Australian Cyber Security Centre released technical guidance in late May outlining more than 50 types of attacks that have been increasingly used over the past year.
The tactics, techniques and procedures include:
* Exploitation of remote access programs such as Pulse Connect Secure and Citrix, many of which have been used by people working from home during the coronavirus pandemic
* Sending malware as an email attachment
* Using stolen credentials to access email accounts
* Stealing or encrypting data
* Ransomware, where data is encrypted and money demanded in exchange for the decryption key
* Activity designed to hide malware including clearing Windows event logs and deleting or changing timestamps on files
WHO IS UNDER ATTACK?
* Morrison said targets included all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure
* In the past two months, large companies including beverage producers Lion, BlueScope, and logistics giant Toll Group have been targeted with ransomware multiple times
Source: Federal Government
-AAPJump to next article