Prime Minister Scott Morrison called a press conference on Friday morning to “raise awareness” of the state-based cyber attacks Australia is currently facing across all levels of government, as well as the private sector.
Scott Morrison disclosed the far-reaching attacks at a media conference in Canberra on Friday, while his defence minister declared that malicious cyber activity was “increasing in frequency, scale, in sophistication and in its impact”.
The government is not saying which country it believes to be responsible, except to say it is “a state-based actor, with very significant capabilities”.
The prime minister declined to respond to a specific question about whether it was China, after months of tensions in its relationship with Australia, but security experts later said they believed it, Russia and North Korea were the only countries that fell within Morrison’s description.
“I’m here today to advise you that, based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” Morrison told reporters.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. The Australian government is aware of and alert to the threat of cyber-attacks.”
“The Australian government is not making any public attribution on these matters,” he said in response to a question asking if China was behind the “attacks”. “We are very confident these are the actions of a state-based actor, we have not gone any further than that, I can’t control what speculation others might engage in … I’ve simply laid out the facts as we know them.”
He said the Australian Cyber Security Centre (ACSC) has been working with the private sector to “thwart this activity”.
The prime minister said Australia was working closely with its allies and partners to manage cyber threats. He had spoken with his British counterpart, Boris Johnson, about the issue on Thursday night.
Morrison said the government was speaking publicly about the issue not to raise concerns but to raise awareness. He encouraged organisations, particularly those in health critical infrastructure and essential services, to “implement technical defences to thwart this malicious cyber activity”.
The prime minister declined to name, at this stage, which country was believed to be responsible. He said the threshold of evidence to attribute an attack to a particular country publicly was “extremely high” and it would only ever be done in line with Australia’s strategic national interests.
The defence minister, Linda Reynolds, said increasingly sophisticated malicious cyber activity harmed Australia’s national security and economic interests. She urged all Australian organisations to be alert to the threat and protect their networks.
The government briefed the office of the opposition leader, Anthony Albanese, on Thursday evening.