- REUTERS/Kevin Zhao
- Australian companies have been the target of a fresh wave of China-originated cyberattacks this year as part of a “constant, significant effort” to plunder corporate assets and intellectual property, according to a report released Tuesday.
- Beijing has rejected the claims that China’s top security agency planned and directed a surge in cyber attacks on Australian companies.
- The report alleges the coordinated attacks also broke a personal agreement struck between China’s Premier Li Keqiang and the former Australian Prime Minister Malcolm Turnbull that both countries would put a stop to the theft of each other’s commercial secrets.
- A foreign ministry spokesperson provided China’s stock responses to accusations of hacking: “groundless, speculative, unprofessional and irresponsible.”
SYDNEY, Australia – China’s foreign ministry has recorded its usual annoyance following an investigation into Chinese corporate hacking in Australia that comes only days after US Vice President Mike Pence pointed the finger at Beijing for its overwhelming “intellectual property theft”.
China’s peak security agency has been overseeing a surge in cyberattacks on Australian companies over the past year, in an action dubbed “Operation Cloud Hopper,” according to a report by Fairfax Media and broadcaster Channel Nine.
The Cloud Hopper cyber-espionage campaign was first uncovered by security researchers at PwC, BAE Systems, and the UK’s National Cyber Security Centre.
Those researchers concluded in 2017 that the campaign was the work of the China-based, People’s Liberation Army connected APT10 hacking group.
In 2016, US security firm Mandiant released the report “APT1 Exposing One of China’s Espionage Units,” describing the term as Advanced Persistent Threat 1, “a single organization of operators that has conducted a cyber-espionage campaign against a broad range of victims since at least 2006.”
On Tuesday, unnamed senior Australian officials are cited in the Fairfax report as saying this recent surge of attacks targeting sectors across the Australian economy from “industry to corporate and military” were confirmed by the “Five Eyes” intelligence alliance.
Five Eyes is the name given to an intelligence-sharing network made up of the US, Britain, Canada, Australia, and New Zealand, as part of the same campaign.
The senior Australian government source told Fairfax the activity was “a constant, significant effort to steal our intellectual property,” and that China’s Ministry of State Security was responsible for Operation Cloud Hopper.
Australian universities and network providers have attracted criticism for lax security measures.
The massive uptick in activity was also backed up by the vice president of the US cybersecurity company CrowdStrike, Mike Sentonas.
Following a deal struck between the Chinese premier and Australian prime minister earlier in 2017, Sentonas said that from the beginning of this year, he had “noticed a significant increase in attacks.”
“The activity is mainly from China and it’s targeting all sectors,” he told Fairfax.
“There’s no doubt the gloves are off.”
One senior Australian government source said China’s mission was “a constant, significant effort to steal our intellectual property.”
The cyber theft places intense pressure on Australian Prime Minister Scott Morrison to respond as the cyber security pact signed between the two countries only last year appears to be in question.
In response the Chinese foreign ministry rolled out its standard response to what is now a well-practiced routine.
Ministry spokesman Geng Shuang told the regular press briefing in Beijing that the accusations were groundless or “without factual basis.”
“The speculative report without factual basis is irresponsible and unprofessional,” (没有事实根据的臆测报道是不负责任、不专业的), Geng said.
In 2013 a foreign ministry spokesman Hong Lei made the same observation at his regular press briefing when asked to comment on a report then released by the US security company Mandiant, that singled out the People’s Liberation Army (PLA) for conducting cyber espionage against Western countries for years.
“The speculative report without factual basis and groundless criticism is irresponsible and unprofessional.” he said.
Two years earlier Lei called a very blunt report commissioned on China’s role in foreign cyber spying handed to the US Congress in November, 2011, as “speculative and both unprofessional and irresponsible.”
And remember when North Korea successfully hacked Sony Pictures in 2014?
“This kind of speculative report without factual basis is irresponsible and unprofessional,” then foreign ministry spokesmen Hua Chunying said.
No effective deterrence
China has a rich legacy of infuriating Western governments that have routinely accused it of plundering industrial, corporate and military secrets.
Last year, sensitive data about Australia’s F-35 stealth fighter and P-8 surveillance aircraft programmes were stolen when a defence subcontractor was hacked with a tool widely used by Chinese cyber criminals.
The Australian Federal Police and Australian Security Intelligence Organisation (ASIO) have reportedly intensified their cooperation to respond to the threat.
However, a senior police source said in the report that they are many months behind the US.
Without enforcement, there was no effective deterrence, the report said, citing one national security source.
The Australian Signals Directorate (ASD) the country’s top cyber enforcement agency has detected attacks against several Western businesses, although the names of the affected firms have not been made public.
Meanwhile, the systems of Australian defense contractor Austal were also breached last month as part of a subsequent extortion attempt.
The source of the attack has not yet been confirmed, but officials say that this time the attack may have came out of the Middle East with Iran the most likely culprit, according to the Australian Cyber Security Centre.