Australian Prime Minister Scott Morrison informed his parliament on Monday that a “sophisticated state actor” attacked their computer system in an apparently unsuccessful attempt to harvest information that could be used to influence Australian politics. Analysts believe China is the most likely suspect, followed by Russia or Iran.
“Members will be aware that the Australian Cyber Security Center recently identified a malicious infiltration into the Australian Parliament House computer network. During the course of this work, we also became aware that the networks of some political parties, Liberal, Labor, and Nationals have also been affected,” Morrison said on Monday.
“Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity,” he said. “Let me be clear, though there, is no evidence of any electoral interference.”
Morrison said the incident highlights the importance of cybersecurity and vowed the Australian government will continue to protect “our values and our sovereignty” from malicious outside influence.
Opposition leader Bill Shorten agreed that “when it comes to national security, we all have a joint obligation.”
“Over the past few years, we have witnessed a range of attempted infiltrations and manipulations in the democratic processes of Germany, Japan, Ukraine, the United Kingdom, the United States, France, and Canada. We cannot be complacent and, as this most recent activity reported by the Prime Minister indicates, we are not exempt or immune,” Shorten said.
The Australian Cyber Security Center (ACSC) is the Australian government’s leading cybersecurity agency. Agency chief Alastair MacGibbon qualified Morrison’s reassurances slightly by saying the ACSC is not completely certain the hackers did not access any information.
“While this offender was sophisticated enough to compromise the networks, it was not sophisticated enough to remain undetected,” MacGibbon declared.
Neither the prime minister nor ACSC named a suspect for the “sophisticated state actor” in their official statements, but Sky News on Monday quoted analysts who said China was the obvious prime suspect.
“When you consider motivation, you would have to say that China is the leading suspect, while you wouldn’t rule out Russia either,” Fergus Hanson of the Australian Strategic Policy Institute ventured.
Hanson seemed more certain than the ACSC that some information was indeed compromised by the attack.
“It is the honeypot of juicy political gossip that has been hoovered up. Emails showing everything from the dirty laundry of internal fights through to who supported a policy could be on display,” he said.
Iran is also on the radar screen as a suspect because Iranian hackers are believed to be responsible for a similar cyber attack on Australian shipbuilder and defense contractor Austal in October. The ACSC said information stolen in the Austal attack was auctioned off on the dark web. The Iranian government denied knowledge of the hack.
The invasion of Australian parliamentary and party computer systems might have been an effort to influence elections coming in May. Chief technology officer Steve Ledzian of the FireEye cybersecurity firm told Bloomberg News that elections “nearly always draw the interest of advanced attackers.”
“A big question for Australian leadership is when will they start publicly attributing targeted cyber attacks. Disclosure alone helps raise awareness, but offers little deterrence for attackers,” said Ledzian, alluding to the Australian government’s reluctance to directly accuse foreign governments of sponsoring cyber attacks.