The Chinese hack that has Australia on high alert


By David Swan

The government agencies in charge of the nation’s cyberdefences – the Australian Signals Directorate and the Australian Cyber Security Centre – have issued a joint warning alongside their counterparts in the US, Canada and New Zealand about “Salt Typhoon”, a Chinese hacking group.

The warning said state-sponsored hackers had “compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign” and urged telecommunication providers to harden their infrastructure. It came after the US government announced that a large amount of Americans’ metadata had been stolen by Salt Typhoon, over a period of months and potentially years.

What is Salt Typhoon?


Salt Typhoon has been active since 2020. Credit: Getty

Salt Typhoon – given its name by Microsoft – is a Chinese state-linked hacking group that has been active since 2020. It has breached telecommunications companies in dozens of countries, President Joe Biden’s deputy national security adviser Anne Neuberger told journalists overnight, burrowing its way into valuable broadband and telecommunication networks.


What is it exactly targeting?

Hacking groups like Salt Typhoon aren’t seeking immediate financial gain, like a ransomware payment, according to Grant Walsh, an executive from Australia’s largest cybersecurity firm CyberCX. Instead, they want access to the sensitive core components of critical infrastructure, like telecommunications, for espionage or even destructive purposes, he said.

“Their attacks are not about locking up systems and extracting fast profits like many of the cyberincidents we read about in the media. Instead, these are covert, state-sponsored cyberespionage campaigns that use hard-to-detect techniques to get inside critical infrastructure and stay there, potentially for years. Waiting to steal sensitive data or even disrupt or destroy assets in the event of future conflict with Australia.”

What has the US said?


Neuberger, a senior US government official, told journalists that a large number of Americans’ metadata had been stolen by Salt Typhoon and that the attack was ongoing.

“We do not believe it’s every cell phone in the country, but we believe it’s potentially a large number of individuals that the Chinese government was focused on.”


The Chinese government has denied being linked to the attacks. Credit: DPA/AP

Officials from the FBI and CISA have recommended that Americans switch to encrypted messaging apps to minimise the chance of Chinese hackers intercepting their messages.

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” they said.


“Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”

Encrypted messaging apps include iMessage, Facebook’s Messenger app and Signal.

Have Australians been affected?

Potentially, though there’s not yet any public evidence that Salt Typhoon is active in Australia.

“While Salt Typhoon has been observed in US telco networks – and appears to be still active there – there is not yet any public evidence the group is active in Australia,” CyberCX’s Grant Walsh said. “However, it’s important to note that ACSC – and global partner agencies – would not jointly issue detailed guidance if the threat was not real.

“Australian telco networks have invested significantly in some of the most mature cyberdefences in Australia. But the global threat landscape is deteriorating, and telecommunications networks are a key target for persistent and highly capable state-based cyberespionage groups, particularly those associated with the People’s Republic of China.”


Deputy National Security Advisor for Cyber, Anne Neuberger. Credit: AP

What’s the Australian government saying?

A government spokesperson issued the following statement:

“The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) assesses that Australian telecommunications organisations could be vulnerable to similar activity.

“ASD strongly encourages all telecommunications organisations to implement this guidance and ensure that they remove these vulnerabilities.

“If malicious activity is identified, ASD’s ACSC strongly recommends that organisations report the incident to ASD and seek assistance in validating and responding to this threat.”

What has China said?


China has consistently denied allegations from technology firms and the US government that it relies on hackers to carry out attacks on telecommunications infrastructure.

A spokesperson for the Chinese Embassy in Washington said in October that the “US intelligence community and cybersecurity companies have been secretly collaborating to piece together false evidence and spread disinformation” about the Chinese government supporting such attacks.
