Morrison revealed the existence of the attacks during a press conference on Friday, adding that a “state-based cyber actor” is “targeting Australian organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, essential service providers and operators of other critical infrastructure.”
He did not specify which agencies or businesses are believed to be under attack, nor did he detail the exact nature of the attacks — though he did say that the government’s investigation has not uncovered any “large-scale personal data breaches.”
Morrison also did not say which state Australia believes to be behind the attack. But he told reporters that “there are not a large number of state-based actors that can engage in this type of activity.”
“It is clear … that this has been done by a state-based actor with very, very significant capabilities,” Morrison added.
The attacks are also not new, and Morrison made clear that such threats are a “constant issue for Australia to deal with.” But he added that he was prompted to speak Friday because the “frequency has been increasing” over “many months.”
A possible culprit
While Morrison declined to say who may be behind the attacks, the scale and timing led many political observers to immediately point the finger at China. Asked by journalists Friday about whether Beijing was responsible, Morrison said he “couldn’t control speculation.”
China’s Ministry of Foreign Affairs said on Friday that the country is a “staunch upholder of cyberspace security,” and reiterated its longstanding claim that “we have been the biggest victims of cyber attacks.”
“We are firmly opposed to all forms of cyber attacks,” said Zhao Lijian, a ministry spokesperson.
The country has consistently denied claims about its cyber espionage activities.
Capability and motive
Peter Jennings, executive director of the Australian Strategic Policy Institute (ASPI), told CNN Business that there was a “95% chance that it is China who is responsible for this attack.”
“It really comes down to understanding the capacity and interest that any country might have in wanting to engage in this sort of attack against Australia,” said Jennings, a former senior Australian Defense Department official. “There are some other countries that are capable, namely Russia and North Korea, but in both cases they don’t have the scale to go as comprehensively as China has.”
He added that neither Russia nor North Korea has a major “strategic interest in Australian politics” at present.
Zhao, the Chinese foreign ministry spokesperson, attacked ASPI’s credibility on Friday and said it has been “hyping up and creating all kinds of anti-China agendas.”
“It has no reputation at all,” he said.
“There is only one country which has the combination of capability and motive and that’s China,” ASPI’s Jennings said. “And frankly there is also a pattern of this behavior by China over the years in this.”
Canberra has avoided pinning blame in the past on other countries for major cyber attacks, including an operation launched against the country’s parliament and major political parties in 2019.
— CNN’s Hilary Whiteman and Isaac Yee contributed reporting.