Beijing Is ‘State-Based Cyber Actor’ Behind Cyber-Attacks on Australia: Defence Expert

By Daniel Y. Teng
Daniel Y. Teng
Daniel Y. Teng
Daniel Y. Teng is based in Sydney. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at
June 20, 2020Updated: June 22, 2020

A defence expert believes the Chinese Communist Party (CCP) is most likely the “sophisticated state-based cyber actor” Prime Minister Scott Morrison warned, but did not disclose, was instigating cyber-attacks on the Australian government and private organisations.

Michael Shoebridge of the Australian Strategic Policy Institute said the prime minister’s remark that “there are not a large number of state-based actors that can engage in this type of activity” pointed to the Chinese regime.

Shoebridge told The Epoch Times on June 19: “When you look at the culmination of capability and intent, the list narrows to the most likely suspect being the Chinese state.”

Epoch Times Photo
Chinese soldiers work at computers. The Chinese regime’s cyberattacks against the United States have continued despite cyber agreements. (

Going down the list of who could possibly be behind the cyberattacks, Shoebridge said: “When it comes to Australia, the Russians don’t have the intent, they don’t have the same deep interests that Beijing has with Australia because of the massive two-way trade relationship and because Australia’s decisions in our national interest have influenced global debates in ways Beijing doesn’t like.”

Beijing has instigated a trade dispute with Australia, one that Chinese state-owned media Global Times said is retaliation for the Foreign Minister Marise Payne’s call for an inquiry into the origins of the CCP virus outbreak, as well as Australia’s 5G ban on Huawei.

Prime Minister Scott Morrison (L) with Senator Marise Payne (R) speaks to media in Sydney, Australia on May 13, 2019. (Tracey Nearmy/Getty Images)

‘Tradecraft’ of Cyberattacks Indicates ‘State-Based’ Actor

Shoebridge said it was well known that the Chinese regime engaged in regular, systematic cyberattacks against the Australian government, political parties, and businesses.

Due to the increased level of “persistence and intensity” of the long-running cyberattacks, Shoebridge believes the prime minister may have judged it strategically necessary and a “duty of care” to bring it to public attention so that government and non-government organisations can look at their cybersecurity.

In fact, the prime minister told reporters during the press conference that: “Regrettably, this activity is not new. Frequency has been increasing.”

On the morning of June 19, Scott Morrison, accompanied by Defence Minister Linda Reynolds, read a formal statement in Canberra saying: “Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure” were being targeted in a major, coordinated, months-long cyber-attack.

Scott Morrison
Australian Prime Minister Scott Morrison speaks at a press conference at Parliament House in Canberra, Australia, on June 19, 2020. (Mick Tsikas/AAP Image)

Morrison added: “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.”

When questioned on which country was involved, Morrison would not be drawn, saying “public attribution” required an extremely high threshold before the government would consider such as act.”

He said, however: “Australia doesn’t engage lightly in public attributions, and when and if we choose to do so is always done in the context of what we believe to be in our strategic national interests.”

Morrison said the reason he was making the announcement was to “raise awareness of these specific risks” and encourage organisations to take “expert advice and to implement technical defences to thwart this malicious cyber activity.”

Shoebridge said it is likely the cyber actors have been working to get “credentials and access” to the systems of different Australian organisations and are a “persistent presence” in this area.

“There’s no evidence of disruption or disabling of systems, so what they’re seeing is the presence of state actors on systems to get hold of information.”

An example of how “information advantage” could come into play, is it gives a government or business, an advantage over a rival entity during negotiations.

“If the counterpart could get access to their internal negotiating positions, their cost structures, details around their business arrangements, that puts them in a powerful negotiating position.”

Beijing’s Unrestricted Warfare on the West

The CCP’s cyber capabilities are superior to many other countries due to its scale, according to Shoebridge:

“The Chinese scale of cyber activity is larger because they’re wealthier, they have a lot of homegrown technologies they can use, and also it’s a state-corporate endeavour where state-owned and private corporations can be compelled to work for the state, and that adds to their capability.”

“That’s partly why the Chinese activity is the larger problem globally,” he added.

The CCP has a multi-faceted cyber warfare strategy underpinned by its “unrestricted warfare” doctrine. The doctrine mandates the CCP to engage its geopolitical rivals (namely the United States and western allies) through a variety of means, outside of traditional warfare.

This can include economic warfare, the influence of politicians, cyber warfare, and disinformation campaigns. The regime avoids direct conflict as it knows the technological superiority of the U.S. military outstrips its own, so it must engage through other means.

In recent years, Beijing has passed a series of laws to tighten its grip over the private sector so it can leverage these facets of society against its rivals.

These include the National Intelligence Law 2017 which compels China-based companies to provide data and information to the state if needed, and the military-civil fusion doctrine, which mandates civilian technologies can be repurposed for military use.

“It does highlight the risk that Chinese state-owned or private corporations can be compelled by the Chinese state to cooperate, and compelled not to disclose that cooperation,” Shoebridge said.

“That gives them access to technologies, applications and capabilities they don’t have to build in government, and they can use from their commercial world,” he added.

As a result, companies such as Zoom, Huawei, TikTok, Tencent and ZTE have come under increasing scrutiny from western governments in recent months.

Watch Next

China’s Unrestricted Warfare Could Lead to Collapse in One Year