Prime Minister Scott Morrison says Australian organisations are being targeted by “sophisticated, state-based cyber” attacks.
Mr Morrison confirmed on Friday the large-scale attacks had been launched across a “range of sectors across all levels of government, political organisations, education, health, essential service providers and operators of other critical infrastructure”.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” he said.
Mr Morrison would not say which country was behind the attacks.
Asked if it was China, he said: "The Australian government is not making any public attribution about these matters.
"We are very confident that this is the actions of a state-based actor.
"We have not gone any further than that. I can't control what speculation others might engage in."
After being pressed further on who he thought was responsible, Mr Morrison later said: “There aren't too many state-based actors who have those capabilities.”
The prime minister said the threat had been an ongoing issue, but the intensity of it had been increasing “over many months”.
He also said it was unclear what the motivations for the attacks were.
“It is difficult to understand what one's motivation might be for that,” Mr Morrison said.
“What is of interest to us is that it is occurring and what we are focused on is the practices that they're employing and we have some of, if not the best agencies in the world, working on this and that means that they are putting all of their efforts in thwarting these attempts.
“I can confirm that they have thwarted many, but this is a very complex area and it requires constant persistence and application and that's what they're doing.”
How to protect from cyber attacks
Minister for Defence Linda Reynolds said it was “vital” for organisation to be on alert to protect themselves from a cyber attack.
“All Australian organisations, who might be concerned about their vulnerability to sophisticated cyber compromise can take these three simple steps to protect themselves,” she said.
“Firstly, patch your internet-facing devices promptly, ensuring that any web or email servers are full updated with the latest software.
“Secondly, ensure you always use a multi-factor authentication to secure your internet access, infrastructure and also your cloud-based forms.
“And thirdly, it is important to become an ACSC (Australian Cyber Security Centre) partner to ensure you get the latest cyber threat advice to protect your organisation online.
“Today, the Austalian Cyber Security Centre Centre and the Department of Home affairs [have] published a very detailed technical advisory which is available cyber.gov.au.”
Do you have a story tip? Email: firstname.lastname@example.org.