Salt Typhoon: Fears Aussies’ data at risk after China expands global cyberwar, hacking passwords and accounts

Australia has joined an international alliance of intelligence agencies that have concluded after a year-long investigation that China is conducting what may be the most ambitious cyberattack in its history, targeting passwords, personal records and other information of hundreds of millions of citizens across the West.

The Australian Signals Directorate is a joint signatory with the US National Security Agency, FBI, British, German, Japanese and 17 other spy services which warn that the attack by a group known as Salt Typhoon has targeted more than 80 countries.

US experts said it may have stolen information from nearly every American, raising the prospect that Australians’ data has been compromised on a wide scale too.

The news of the espionage is likely to increase tensions between China and Western nations already heightened from China’s military expansion in the Western Pacific and threats to Taiwan, which were highlighted by a large display of modern military equipment at a parade in Beijing on Wednesday.

Chinese agents are “having considerable success exploiting publicly known common vulnerabilities”, the joint statement from the 23 agencies said.

They “are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks.”

Spreading to civilians

Salt Typhoon’s activities appear to be evidence that cyberwarfare across the globe is spreading from military and security targets to ordinary civilians.

The Chinese hackers are going after information that previously might have been considered primarily of interest to criminal gangs seeking to steal from individuals in an “unrestrained” and “indiscriminate” grab for information, British and American officials told the New York Times.

An Australian cyber-security expert, Robert Potter, said the Chinese government had a “rapacious” appetite for information and would collect data even without a clear objective.

“They take the view that it’s better to have it and then add it to their large data sets, potentially get something they might not find useful,” he said.

“Their agencies would probably have enough data to compile something about every person in the United States or Australia. That doesn’t mean everyone is interesting to them, but they have a default setting of collecting everything.”

Technical briefing

Salt Typhoon is linked to at least three China-based technology companies in business since at least 2019 that were uncovered by the West last year. The companies work for Chinese intelligence agencies, the joint statement said. The information likely being gathered, they said, includes subscriber information, customer records and metadata, “user content”, vendor lists and passwords.

The warning was issued in a 38-page technical briefing for computer administrators. The intelligence agencies state that Chinese agents may be monitoring attempts to remove their access to foreign computer systems, and may adapt their software to combat attempts to cut them off.

“The malicious activity described in this advisory often involves persistent, long-term access to networks where the APT [advanced persistent threat] actors maintain several methods of access,” it says.

“Network defenders should exercise caution when sequencing defensive measures to maximize the chance of achieving full eviction. Partial response actions may alert the actors to an ongoing investigation and jeopardize the ability to conduct full eviction.”

The Australian Signals Directorate, which is responsible for protecting Australia from cyber attacks, did not immediately respond to a request for comment. The Coalition spokesman for home affairs, Andrew Hastie, was also contacted for comment.

Foreign influence

Chinese intelligence operations in Australia have long been a concern for the government. Last month a Chinese woman living in Canberra was arrested and accused of spying on Buddhist association that opposes the Chinese Communist Party. Her name has been supressed.

Former Labor politicians Daniel Andrews and Bob Carr were criticised for attending China’s military parade this week in defiance of a government boycott by ministers.

Mr Carr, the foreign minister in 2012 and 2013, said he was near the parade but did not watch it. Mr Andrews, Victoria’s premier from 2014 to 2023, said he was promoting trade links between the two countries.

Neither man are on a register of Australians working for foreign governments created in 2018 to help combat spying by China and other aggressive nations. Most listees help foreign companies or governments work with the Australian government.

Ex-politicians on the register include former prime minister Tony Abbott, former foreign minister Alexander Downer, and former Labor leader Simon Crean, whose is listed despite dying two years ago.