China’s embassy in Canberra has blasted the federal government as being “like a thief” and “hypocritical”, launching a spray after Australia joined global allies in calling out Beijing over allegations of hacking Microsoft email platforms.
It’s the first Chinese response to the rare direct allegation from the international community, but Home Affairs minister Karen Andrews warned Australia could face more “serious implications”.
“The government thinks that we need to call out these malicious cyberattacks,” Ms Andrews said on Tuesday morning.
“They won’t get away with it scot-free.”
Australia joined NATO, the European Union and the ‘Five Eyes’ intelligence grouping to claim that recent malicious cyber activity, targeting the Microsoft Exchange email network, had come from China. The alleged ‘hacking’ allowed criminals to steal valuable commercial secrets and intellectual property, or hold it to ransom in exchange for payments.
Different international groupings made slightly different allegations, with the EU’s statement noting only claims the hacking had originated in China. However, Australia and the US specifically called out China’s Ministry of State Security as the alleged culprit.
“In consultation with our partners, the Australian government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia,” Ms Andrews said in a Monday night statement.
She claimed Beijing had engaged “contract hackers” to undertake “intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government.”
In a statement on Tuesday, China’s embassy in Canberra said it “firmly rejects the groundless accusations”. A spokesperson accused the Morrison government of simply “parroting the rhetoric of the US”, claiming Australia itself had a “poor record” on cybercrime and had acted as an “accomplice” to American “eavesdropping”.
“What the Australian government has done is extremely hypocritical, like a thief crying ‘stop the thief’,” the Chinese embassy spokesperson said.
Ms Andrews said about 30,000 businesses worldwide were affected by the hack.
“It was a significant data breach and access was enabled to these systems so that they could be commandeered and controlled from outside the organisation,” she said on Tuesday.
Australia has come under what Prime Minister Scott Morrison called “economic coercion” from China in recent times, facing trade barriers on exports of wine, timber, barley, beef and seafood. The federal government has attributed this to Beijing’s displeasure at Australia calling for international inquiries into the origins of COVID, and criticism over Chinese human rights abuse.
However, Ms Andrews stressed that Australia shouldn’t “conflate this issue of a malicious cyberattack with any of the other issues that are bubbling around at the moment”.
Despite previously attributing hacks or criminal behaviour to China, Russia or North Korea in the past, Australia has largely been reluctant to specifically name certain countries as alleged aggressors. However, Ms Andrews said it was “in our national interests” to do it in this case, but admitted there may be repercussions.
“We are aware that there are serious implications for any attribution that is made to any nation. But we also will not compromise our position on sovereignty and national security,” she said.
“In this instance, along with our partner nations, we needed to call out this malicious cyberattack.”
Labor leader Anthony Albanese agreed, calling it “right” to push back against such activity.
“You have a responsibility to call out these issues,” he said at a press conference in Launceston.
“We’re right to call out attacks on Australia whether they’d be cyber crimes or other activities that are inappropriate against a sovereign nation.”
Fergus Hanson, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, said many countries saw it as “fair game” to gather intelligence or conduct espionage on one another. However, crossing into commercial espionage was a red line, he said, after China’s President Xi Jinping had made numerous agreements not to engage in such behaviour.
“China tries to present itself as a country abiding by international rules, saying it’ll be a friendly alternative superpower to the US. But this is an example that not only breaks its own commitments, but the kind of behaviour typically associated with a rogue state,” he told The New Daily.
After a 2015 meeting with President Xi, then-US president Barack Obama said the two nations had agreed neither would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage”.
Peter Cai, a fellow at the Lowy Institute whose research examines the Australia-China relationship, said the government must have factored in the possibility of some repercussions from Beijing. He said there was “always a risk that China may take some action”.
“It’s the largest regional economy, a key purchaser of comodities, so China has significant economic leverage over partners and is becoming increasingly likely to use those economic muscles,” he told The New Daily.
“We’ve seen a few rounds of trade sanctions on a broad range of sectors. I can imagine when minsters sign onto statements like this, the history of the last 12 months must weigh heavily on their mind. Does this mean a new round of retaliation?”