‘Illicit gain’: Australia accuses China of criminal cyber attacks

Australia has taken the rare step of joining key allies in formally accusing China of co-ordinated cyber attacks, alleging that Beijing engaged contract hackers to steal intellectual property.

The attacks on Microsoft Exchange software, which began in January, allowed hackers to gain access to the email systems of thousands of users, including in Australia.

Australia and other countries – including the United States and all NATO members – accused China’s Ministry of State Security of carrying out cyber attacks itself as well as paying criminal cyber attackers to conduct large-scale hacks. This included the explosive accusation that Beijing paid criminal groups to conduct ransomware attacks to extort millions of dollars out of companies.

In a statement on Monday night, the Australian government said it joined international partners in “expressing serious concerns about malicious cyber activities by China’s Ministry of State Security”.

“In consultation with our partners, the Australian government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia.

“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.”

Australia said it called on all countries, including China, to act responsibly in cyber space.

“China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage,” Home Affairs Minister Karen Andrews, Defence Minister Peter Dutton and Foreign Minister Marise Payne said in a statement.

While calling out China as a malicious actor in cyber space, Australia has repeatedly declined to attribute specific cyber attacks waged by Beijing.

In June 2020, Prime Minister Scott Morrison warned a state-based actor was behind a series of cyber raids on all levels of government, industry and critical infrastructure, including hospitals, local councils and state-owned utilities. Australian security agencies believed China was probably behind the cyber raids but the Morrison government at the time declined to name the nation state involved.

Mr Morrison last month raised the alarm on the escalating wave of cyber attacks against all levels of industry and government in meetings with Britain’s top spies in London.

US Secretary of State Antony Blinken said Beijing “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”.

“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cyber security mitigation efforts, all while the MSS had them on its payroll,” he said.

While a certain type of cyber espionage is accepted in the international arena, with Australia conducting its own offensive moves, there is growing concern that China and Russia have been using their capabilities for commercial and criminal means. The accusation that China has paid criminal groups to carry out malicious cyber attacks, including ransomware attacks, is unprecedented.

There has been a 200 per cent increase in reports of ransomware attacks to Australia’s premier cyber security agency, the Australian Cyber Security Centre, in recent months.

Ransomware is a form of malware that encrypts the victim’s files; the attacker then demands a ransom to restore access to their system.
