Salt Typhoon: Fears Aussies’ data at risk after China expands global cyberwar, hacking passwords and accounts

Headshot of Aaron Patrick
Aaron Patrick
The Nightly
China has expanded the global cyberwar with an ‘indiscriminate’ hack of passwords and accounts across the West.
China has expanded the global cyberwar with an ‘indiscriminate’ hack of passwords and accounts across the West. Credit: William Pearce

Australia has joined an international alliance of intelligence agencies that have concluded after a year-long investigation that China is conducting what may be the most ambitious cyberattack in its history, targeting passwords, personal records and other information of hundreds of millions of citizens across the West.

The Australian Signals Directorate is a joint signatory with the US National Security Agency, FBI, British, German, Japanese and 17 other spy services which warn that the attack by a group known as Salt Typhoon has targeted more than 80 countries.

US experts said it may have stolen information from nearly every American, raising the prospect that Australians’ data has been compromised on a wide scale too.

Sign up to The Nightly's newsletters.

Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.

Email Us
By continuing you agree to our Terms and Privacy Policy.

The news of the espionage is likely to increase tensions between China and Western nations already heightened from China’s military expansion in the Western Pacific and threats to Taiwan, which were highlighted by a large display of modern military equipment at a parade in Beijing on Wednesday.

Chinese agents are “having considerable success exploiting publicly known common vulnerabilities”, the joint statement from the 23 agencies said.

They “are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks.”

Soldiers march during a military parade marking the 80th anniversary of victory over Japan and the end of World War II, in Tiananmen Square on September 03, 2025, in Beijing, China.
Soldiers march during a military parade marking the 80th anniversary of victory over Japan and the end of World War II, in Tiananmen Square on September 03, 2025, in Beijing, China. Credit: Lintao Zhang/Getty Images

Spreading to civilians

Salt Typhoon’s activities appear to be evidence that cyberwarfare across the globe is spreading from military and security targets to ordinary civilians.

The Chinese hackers are going after information that previously might have been considered primarily of interest to criminal gangs seeking to steal from individuals in an “unrestrained” and “indiscriminate” grab for information, British and American officials told the New York Times.

An Australian cyber-security expert, Robert Potter, said the Chinese government had a “rapacious” appetite for information and would collect data even without a clear objective.

“They take the view that it’s better to have it and then add it to their large data sets, potentially get something they might not find useful,” he said.

“Their agencies would probably have enough data to compile something about every person in the United States or Australia. That doesn’t mean everyone is interesting to them, but they have a default setting of collecting everything.”

Technical briefing

Salt Typhoon is linked to at least three China-based technology companies in business since at least 2019 that were uncovered by the West last year. The companies work for Chinese intelligence agencies, the joint statement said. The information likely being gathered, they said, includes subscriber information, customer records and metadata, “user content”, vendor lists and passwords.

The warning was issued in a 38-page technical briefing for computer administrators. The intelligence agencies state that Chinese agents may be monitoring attempts to remove their access to foreign computer systems, and may adapt their software to combat attempts to cut them off.

“The malicious activity described in this advisory often involves persistent, long-term access to networks where the APT [advanced persistent threat] actors maintain several methods of access,” it says.

“Network defenders should exercise caution when sequencing defensive measures to maximize the chance of achieving full eviction. Partial response actions may alert the actors to an ongoing investigation and jeopardize the ability to conduct full eviction.”

The Australian Signals Directorate, which is responsible for protecting Australia from cyber attacks, did not immediately respond to a request for comment. The Coalition spokesman for home affairs, Andrew Hastie, was also contacted for comment.

Foreign influence

Chinese intelligence operations in Australia have long been a concern for the government. Last month a Chinese woman living in Canberra was arrested and accused of spying on Buddhist association that opposes the Chinese Communist Party. Her name has been supressed.

Former Labor politicians Daniel Andrews and Bob Carr were criticised for attending China’s military parade this week in defiance of a government boycott by ministers.

Mr Carr, the foreign minister in 2012 and 2013, said he was near the parade but did not watch it. Mr Andrews, Victoria’s premier from 2014 to 2023, said he was promoting trade links between the two countries.

Neither man are on a register of Australians working for foreign governments created in 2018 to help combat spying by China and other aggressive nations. Most listees help foreign companies or governments work with the Australian government.

Ex-politicians on the register include former prime minister Tony Abbott, former foreign minister Alexander Downer, and former Labor leader Simon Crean, whose is listed despite dying two years ago.

Comments

Latest Edition

The Nightly cover for 04-09-2025

Latest Edition

Edition Edition 4 September 20254 September 2025

How the former Victorian premier lost his way.