US indictment accuses two Chinese nationals of global, state-backed campaign targeting dozens of agencies, including in Australia.
Australia has called on China to respect international commitments on cybercrime after the US and UK revealed an alleged plot by a hacking group backed by state intelligence to steal intellectual property from the west on an industrial scale.
On Friday Australia’s national cyber security adviser and the head of the Australian Cyber Security Centre, Alastair MacGibbon, described the hacking as “an audacious, global campaign” which had affected “several” Australian companies.
“It’s audacious, it is huge and it impacts potentially thousands of businesses globally,” he told the ABC.
Two Chinese nationals have been charged in the US over their alleged membership of a hacking group operating in China known in global intelligence circles as Advanced Persistent Threat 10, or APT10.
The group, acting on behalf of the Chinese Ministry of State Security, is accused of targeting companies and government agencies in at least a dozen countries and trying to access intellectual property and other sensitive business information.
A US indictment unsealed on Thursday in unison with a series of British statements accused the hackers of obtaining unauthorised access to the computers of at least 45 entities, including commercial and defence technology companies and US government agencies such as Nasa and the US navy.
Australia’s foreign affairs minister, Marise Payne, and home affairs minister, Peter Dutton, said in a joint statement on Friday that APT10’s “sustained cyber intrusions” were significant and a “serious concern”.
The hackers had focused on large managed service providers (MSPs) – companies that manage IT services and infrastructure for medium-to-large businesses and organisations – including in Australia, the ministers said.
“Australia calls on all countries – including China – to uphold commitments to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining a competitive advantage,” they said.
The US deputy attorney general, Rod Rosenstein, called the alleged hacking “outright cheating and theft”. He said the hacked data gave China an unfair advantage at the expense of businesses and countries that followed international law.
Rosenstein said the threats posed by the hacking operation, which dates back to 2006, had never been more severe or more pervasive, and were part of China’s ultimate goal to replace the US as the world’s leading superpower.
The US indictment said Zhu Hua and Zhang Shilong. They allegedly worked for a company that acted in association with the Chinese Ministry of State Security’s Tianjin state security bureau, the US Justice Department said.
MacGibbon said: “We know there are victims in Australia. We know that these MSPs as trusted providers for companies and governments all around the world have unique access [and] once they are compromised by this particular actor, APT10, working on behalf of the Chinese government, they can gain access to commercial secrets.
“This isn’t about espionage, this is about stealing the unique aspects of an economy in order to advance another one’s.
“It is global in scale and very significant.”