China bombarding Australia with cyber attacks, targeting work from home employees, report reveals

Beijing-backed hackers are targeting Australians who work from home and using their devices to unleash sprawling spyware on corporate systems.
The Australian Signals Directorate (ASD) on Tuesday released its Annual Cyber Threat Report revealing it confronted 1200 cyber security incidents over the past year – an 11 per cent jump on the previous year.
Chinese state-sponsored groups, such as the notorious APT 40, drove the spike.
The ASD noted that groups were “routinely” hunting “Australian government networks for cyber espionage purposes”.
“Government and defence-related information is an attractive target for state-sponsored cyber actors seeking strategic insights into Australia’s national policies and decision-making,” the report said.
But exploiting Australians working from home was new, highlighting a major challenge for big business, which lost hundreds of thousands on average to cybercrime over 2024-25.
“State-sponsored cyber actors have also compromised home devices connected to the internet, such as home routers, to create botnets that support further targeting around the globe,” the ASD said.
“State-sponsored cyber actors continue to use built-in network administration tools to carry out their objectives and evade detection by blending in with normal system and network activities, enabling them to decide when to steal information or cause harm to an organisation’s network at a time of their own choosing.
“This is known as living off the land (LOTL).”
Defending against LOTL is difficult because it “requires network defenders to think like the malicious cyber actor, by studying abnormalities in behaviours occurring on systems rather than through traditional means such as intrusion detection systems”.
The report singled out APT40, which it said “regularly conducts malicious activities against Australian and regional networks that possess information of value to the People’s Republic of China”.
“These activities represent a security threat to many government and critical infrastructure networks.
“Australia and several international partners acted decisively to detail the tradecraft of APT40 to assist network defenders to detect and prevent their malicious activities.”
‘Increasing danger’
Defence Minister Richard Marles warned the nation faced “an increasingly challenging threat landscape”.
“The nation faces an increasingly challenging threat landscape where cyber-enabled espionage and crime are not a hypothetical risk, but a real and increasing danger to the essential services we all rely on,” he said.
“The report makes clear that malicious actors have been working unseen to steal data and demand ransom payments from Australian victims, or to target our most critical networks for disruptive attacks.”

The report detailed a suite of disturbing trends, with every major business and sector now at risk from potentially crippling attacks.
For one, the number of ransomware incidents in the healthcare sector doubled in 2024-25 from the previous year.
Malicious cyber actors were successful in 95 per cent of all health care and social assistance sector incidents that the ASD responded to.
Further, the costs to businesses from cyber attacks exploded.
The average self-reported cost of cyber crime per report for small business was $56,600, up 14 per cent.
For medium-sized businesses, the cost jumped 55 per cent to $97,200, while for large businesses, reported costs skyrocketed 219 per cent to $202,700.
“Businesses should operate with a mindset of ‘assume compromise’ and prioritise the assets or ‘crown jewels’ that need the most protection,” the ASD stated.
Attacks flow from a range of state-based actors and also criminal enterprises.
Over the year, the report revealed that cyber actors achieved “extensive compromise” on two occasions in the federal government, government shared services and regulated critical infrastructure categories.
The report came just days after criminal hackers released stolen Qantas customer data onto the dark web following a cyber hit on the airline giant’s operations in Manila in July.
Stolen data included names, phone numbers, addresses, emails, birthdays, gender, frequent flyer numbers, status tiers and points balances.
No credit card details, personal financial information or passport details were accessed in the breach.
The airline said it was investigating the incident with cyber security experts, the Australian government, the ASD’s Australian Cyber Security Centre and the AFP.