Why China is the prime suspect
China is the chief suspect in a massive and "malicious" cyber attack on Australia's essential services, government agencies, industry and infrastructure.
Prime Minister Scott Morrison confirmed that a state-based actor has launched a significant increase in cyber activity this morning after briefing state premiers overnight.
The new cyber attack follows reports that Australia's cyber intelligence agency, the Defence Signals Directorate, had concluded last year that China's Ministry of State security was responsible for a major attack on Parliament and political parties in the lead up to the 2019 election.
Refusing to shut down speculation today that China was suspected in the new attack, Mr Morrison stressed investigations were continuing by the Defence Signals Directorate and law enforcement agencies.
The attack follows rising diplomatic tensions with China, Australia's biggest trading partner, over new tariffs on barley and warnings to tourists and overseas students to no longer travel here.
"I'm here today to advise you that, based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated State-based cyber actor,'' the Prime Minister said.
"This activity is targeting Australian organisations across a range of sectors, including all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
"We know it is a sophisticated State-based cyber actor because of the scale and nature of the targeting and the trade craft used."
Asked if China was to blame, the Prime Minister stressed that the threshold to formally identify a state-based actor was high but the list of possible suspects was not long.
"The Australian Government is not making any public attribution about these matters,'' he said.
"We are very confident that this is the actions of a state-based actor. We have not gone any further than that. I can't control what speculation others might engage in on this issue or, frankly, any other. I have simply laid out the facts as we know them and as we have disclosed today."
"As I just said, the threshold for attribution on these issues is high."
"This is my answer. I am saying the threshold for being able to answer your question along those lines is very high. What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the actions of a State-based actor with significant capabilities. There aren't too many State-based actors who have those capabilities."
The Australian Cyber Security Centre is currently working with targeted organisations to ensure that they have appropriate technical mitigations in place and their defences are appropriately raised.
"Cyber security is a whole of community effort, Government, industry and individuals. That is why we are raising this matter today, to raise awareness of this important issue and to encourage organisations, particularly those in the health critical infrastructure and essential services to take expert advice and to implement technical defences to thwart this malicious cyber activity."
Defence Minister Linda Reynolds said there was some simple advice for companies to follow to protect against cyber attacks.
"Firstly, patch your Internet facing devices promptly, ensuring that any web or email servers are fully updated with the latest software. Secondly, ensure you always use multifactor authentication to secure your Internet access, infrastructure and also your CLOUD-based platforms,'' she said.
"Thirdly, it's important to become an ACSC partner to ensure you get the latest cyber threat advice to
protect your organisation online. Today, the Australian Cyber Security Centre and the Department of Home Affairs have published a very detailed technical advisory which is available at cyber.gov.au."
The Prime Minister said there did not appear to be any evidence of breaches of personal data.
"The advice I have is that the investigations conducted so far have not revealed any large scale personal data breaches,'' he said.
The Prime Minister confirmed he had discussed the attack with world leaders.
"I spoke to Boris Johnson last night about a range of matters, including this one and there are a number of engagements with our allies overnight,'' he said.
"There are many that have been targeted but, in terms of their success, that is not
as significant. As I said, the investigations undertaken to date are, as I relate to Mark and miss questioning. We will continue to work closely with the agencies. Today is about raising the awareness and those who are engaged in this are not doing this to help us."
The Prime Minister said the motive for the attacks was not clear.
"It is difficult to understand what one's motivation might be for that. What is of interest to us is that it is occurring and what we are focused on is the practices that they're employing and we have some of, if not the best agencies in the world, working on this and that means that they are putting all of their efforts in thwarting these attempts,'' he said.
"I can confirm that they have thwarted many, but this is a very complex area and it requires constant persistence."
Originally published as Why China is the prime suspect