Salt Typhoon hackers ‘almost certainly’ in Australia’s critical infrastructure

A top cybersecurity figure says China’s Salt Typhoon hacking campaign has almost certainly burrowed into Australia’s critical infrastructure in one of the most effective long-term espionage campaigns ever seen.

Alastair MacGibbon, chief strategy officer at CyberCX and a former cybersecurity adviser to then-prime minister Malcolm Turnbull, said Salt Typhoon’s operation has probably compromised multiple sectors across Australia and New Zealand and remains undetected.

It is “the most effective espionage campaign against the West that we have ever seen,” MacGibbon said, and reflects an “insidious shift” in the global threat landscape where Beijing is pouring significant resources into burrowing into critical Western infrastructure.

CyberCX co-founder Alastair MacGibbon. Credit: Oscar Colman

“By the admission of the US government, Salt Typhoon has seen the Chinese intelligence services comprehensively penetrate the communications of millions of Americans, including some top decision-makers,” MacGibbon told this masthead.

“While there’s no public evidence that Salt Typhoon is active in Australia, we consider it highly likely that Salt Typhoon has compromised sectors in Australia which remain undetected.”

Salt Typhoon – named by Microsoft using its convention for Chinese state-linked threat groups – is a hacking operation that has been active since at least 2019. Rather than deploying ransomware or seeking quick financial pay-offs like criminal hackers, Salt Typhoon is focused on long-term espionage: quietly infiltrating telecommunications networks, stealing data, and maintaining persistent access that could be weaponised during future conflicts.

The FBI revealed last week that Salt Typhoon had hacked at least 200 American companies and struck organisations across 80 countries. The Australian Signals Directorate, working alongside 20 international partner agencies, has publicly attributed the campaign to Beijing’s Ministry of State Security and People’s Liberation Army.

What makes Salt Typhoon particularly alarming is its exploitation of “lawful intercept” capabilities – surveillance systems that telecommunications companies are legally required to maintain for law enforcement and intelligence agencies.

“By targeting US telco networks, Salt Typhoon has enabled China’s Ministry of State Security to take over the lawful intercept capabilities that governments compel telcos to have,” MacGibbon said. “This means that the MSS can see and listen to highly sensitive interception and surveillance data meant for law enforcement and security agencies.”

MacGibbon said one of the most concerning aspects for security professionals was how difficult such state-backed campaigns were to identify.

For decades, China has used for-hire hackers to break into computer networks and systems. Credit: Fairfax Media

Unlike ransomware gangs, nation-state actors employ so-called “living off the land” techniques that exploit legitimate, built-in tools within a victim’s own systems rather than deploying malware that might trigger security alerts.

“These stealthy techniques can bypass traditional security tripwires and are much harder to detect,” MacGibbon said. CyberCX’s most recent threat report found that espionage incidents take on average about 400 days to detect, compared to just over three weeks for financially motivated attacks perpetrated by cybercriminals.

For businesses, the stakes extend beyond espionage. Jake Hense, a research analyst at American Century, noted that cybersecurity had become fundamental to assessing whether a business can survive long-term, a factor the US Securities and Exchange Commission now requires companies to address in their disclosures.

“A sustainable business must be able to address risks, including cyberthreats that could significantly impact its ability to conduct day-to-day business,” Hense said.

Lieutenant General Susan Coyle, Chief of Joint Capabilities, Australian Defence Force. Credit: Oscar Colman

The warning follows MacGibbon’s appearance at The Australian Financial Review Cyber Summit in September, where he cautioned that Chinese-made electric vehicles and connected devices posed similar risks as potential surveillance and disruption tools.

Lieutenant General Susan Coyle, who leads Defence’s cyber and space operations, told the same summit that Australia was effectively already fighting in cyberspace.

“I would be naive to get up here and tell you that we’re not in conflict in the cyber domain now,” Coyle said. “Our ships will not sail, our planes will not fly, and our missiles will miss targets if we don’t get the cyber domain right.”

MacGibbon said Five Eyes agencies were “very alive to the risk” and regularly publishing joint advisories with practical guidance for critical infrastructure organisations, including reviewing network device logs for unexpected activity and employing robust change management processes.

China has consistently denied involvement in Salt Typhoon, with a spokesperson for the Chinese Embassy in Washington claiming the US intelligence community was “spreading disinformation.”
