Posted on July 23, 2020

Hackers Linked to China Allegedly Stole Data from Australian Defence Contractor

Daniel Hurst, The Guardian, July 22, 2020

Hackers linked to China allegedly stole more than 300 gigabytes of data from an Australian defence contractor including technical information, according to an indictment unsealed by the US justice department.

The Australian government said on Wednesday it was concerned by the alleged intrusions and welcomed “actions designed to hold malicious cyber actors to account” after the US announced a raft of charges against two Chinese nationals.

But the opposition argued the government was not doing enough to safeguard critical infrastructure and businesses from cyber threats.

Li Xiaoyu, 34, and Dong Jiazhi, 33, are accused of targeting an Australian defence contractor and an Australian solar business, as part of “a sweeping global computer intrusion campaign” that in some cases allegedly included helping China’s Ministry of State Security (MSS).

The Australian defence contractor – known as “Victim 21” but not named – was allegedly targeted between April and June 2019. The hackers allegedly stole about 320GB of documents including source code for the company’s products, engineering schematics and technical manuals.

The other Australian victim was said to have been targeted more recently. The network of “Victim 23” – described in the indictment as an Australian solar energy engineering concern – was allegedly compromised in January 2020, with the hackers also conducting “additional network reconnaissance”, the document said.

The Morrison government issued a statement raising concern about the cyber intrusions without naming China directly.

The statement – issued by four agencies including the Australian Signals Directorate – urged “all countries” not to breach their international commitments. It pointed to allegations by the assistant US attorney general, John Demers, that the hackers also targeted human rights activists in the US, China and Hong Kong.

“Of particular concern, these individuals also reportedly targeted Covid-19 researchers as well as political dissidents, religious minorities and human rights advocates,” said the statement, which was also signed by the Department of Foreign Affairs and Trade and the Department of Home Affairs.

“We welcome actions designed to hold malicious cyber actors to account.”

The Australian Cyber Security Centre – the fourth agency to issue the joint statement – said it was “working closely with organisations across Australia to help build their resilience to cyber compromises and is engaging with victims of malicious cyber incidents to offer cybersecurity advice and assistance”.

Guardian Australia is seeking further details from the government on what steps it may have taken to check whether Australian defence technology or equipment has been compromised.

But Tim Watts, the opposition’s shadow assistant minister for cybersecurity, urged the government to work more proactively with Australian businesses “to ensure they are not exposed to cybersecurity threats during the first recession in three decades”. He also called for the appointment of a dedicated cybersecurity minister.

“We should expect the government to be safeguarding our critical infrastructure and businesses with the best available measures,” Watts said.

“Sadly that is just not happening and has the potential to put at risk the lives and livelihoods of Australians.”

The Australian federal police commissioner, Reece Kershaw, told the National Press Club on Wednesday that malicious cyber activity against Australia’s national and economic interests was “increasing in frequency, scale, sophistication and impact”.

The comments follow a media conference in June when the prime minister, Scott Morrison, said a wide range of the nation’s public and private sector organisations were “currently being targeted by a sophisticated state-based cyber actor” – without naming the country.

The Australian government has said it will earmark $1.35bn towards boosting Australia’s cybersecurity capabilities, with the 2020 Cyber Security Strategy due to be “delivered in coming months”. The previous four-year strategy expired in April.

The US Attorney’s office for the eastern district of Washington painted a mixed picture of the alleged motivations in the newly unsealed case, saying the defendants “in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies”.

Relations between Australia and China have come under repeated strain this year, but tensions boiled over last month when Beijing accused Canberra of engaging in a campaign of “cyber espionage, spying and surveillance on foreign governments, companies and individuals”.

This week, an industry panel advising the Australian government on cybersecurity urged it to adopt a more “forward-leaning posture” on naming the countries behind cyber-attacks – including working with close partners to jointly attribute responsibility.

The Australian government declared last week its support for a joint cybersecurity advisory issued by the US, UK and China “which details malicious cyber activity by Russian actors targeting organisations involved in Covid-19 vaccine development”.

In that case, however, Australia named Russia – calling on it “to cease immediately any cyber activity, or support for such activity, which is inconsistent with their international commitments”.