Australian intelligence agency blames Chinese Ministry of State Security, PLA for global cyber hack

The Australian Signals Directorate intelligence agency has blamed China’s Ministry of State Security and People’s Liberation Army for a cyber attack that is believed to have culled information about millions of civilians around the world, including Australians.

A group known as Salt Typhoon is targeting global telecommunications, transportation, lodging, and military infrastructure networks, according to the ASD and 22 foreign intelligence services, including the US National Security Agency and FBI, which have conducted a years-long investigation into what experts say may be the most ambitious cyberattack in Chinese history.

“This activity has been observed globally – including in the US, UK, Australia, Canada, NZ and beyond,” an ASD spokesperson told The Nightly. “Cyber has become a key tool of choice for state-craft and this sort of activity is a key enabler of espionage. ASD strongly encourages all organisations to implement the guidance and ensure that they remove these vulnerabilities.”

Salt Typhoon’s activities appear to be evidence that cyber warfare across the globe is spreading from military and security targets to civilians.

The Chinese hackers are going after information that previously might have been considered primarily of interest to criminal gangs seeking to steal from individuals in an “unrestrained” and “indiscriminate” grab for information, British and American officials told The New York Times, which first reported the hack.

Every Australian

An Australian cyber-security expert, Robert Potter, said the Chinese government had a “rapacious” appetite for information and may have collected information on every person in Australia. “They take the view that it’s better to have it and then add it to their large data sets, potentially get something they might not find useful,” he said.

“Their agencies would probably have enough data to compile something about every person in the United States or Australia. That doesn’t mean everyone is interesting to them, but they have a default setting of collecting everything.”

The news of the espionage is likely to increase tensions between China and Western nations already heightened by China’s military expansion in the Western Pacific and threats to Taiwan, which were highlighted by a large display of modern military equipment at a parade in Beijing on Wednesday.

Chinese agents are “having considerable success exploiting publicly known common vulnerabilities”, a statement from the intelligence agencies said.

Technical briefing

Salt Typhoon is linked to at least three China-based technology companies in business since at least 2019 that were uncovered by the West last year. The companies work for Chinese intelligence agencies, the joint statement said. The information likely being gathered, they said, includes subscriber information, customer records and metadata, “user content”, vendor lists and passwords.

The warning was issued in a 38-page technical briefing for computer administrators. The intelligence agencies state that Chinese agents may be monitoring attempts to remove their access to foreign computer systems, and may adapt their software to combat attempts to cut them off.

“The malicious activity described in this advisory often involves persistent, long-term access to networks where the APT(advanced persistent threat) actors maintain several methods of access,” it says.

“Network defenders should exercise caution when sequencing defensive measures to maximize the chance of achieving full eviction. Partial response actions may alert the actors to an ongoing investigation and jeopardize the ability to conduct full eviction.”

The Ministry of State Security is China’s main intelligence agency, operating at home and overseas. The PLA runs separate intelligence operations. The Coalition spokesman for home affairs, Andrew Hastie, did not respond to a request for comment.

Foreign influence

Chinese intelligence operations in Australia have long been a concern for the Government. Last month a Chinese woman living in Canberra was arrested and accused of spying on Buddhist association that opposes the Chinese Communist Party. Her name has been supressed.

Former Labor politicians Daniel Andrews and Bob Carr were criticised for attending China’s military parade this week in defiance of a government boycott by ministers.

Mr Carr, the foreign minister in 2012 and 2013, said he was near the parade but did not watch it. Mr Andrews, Victoria’s premier from 2014 to 2023, said he was promoting trade links between the two countries.

Neither man are on a register of Australians working for foreign governments created in 2018 to help combat spying by China and other aggressive nations. Most listees help foreign companies or governments work with the Australian government.

Ex-politicians on the register include former prime minister Tony Abbott, former foreign minister Alexander Downer, and former Labor leader Simon Crean, whose is listed despite dying two years ago.