Cyber Incident Victim: National Party of Australia
Date:
Feb 2019
Location:
Australia
Summary
A sophisticated cyber-attack attributed to China's Ministry of State Security breached Australia's national parliament and three major political parties, including the ruling coalition, ahead of a general election. The intrusion, identified by Australian intelligence using known Chinese tradecraft, compromised policy documents on taxation and foreign affairs along with private email communications between lawmakers and citizens. While the timing raised concerns about potential election interference, investigators found no evidence that stolen data was weaponized. The findings were classified to avoid damaging bilateral trade ties, with Australia sharing intelligence with U.S. and U.K. allies who assisted in the investigation. China denied involvement, dismissing the allegations as unsubstantiated rumors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2019, Australian authorities disclosed a cyber-attack on the national parliament’s network, prompting urgent password resets for lawmakers and staff. Prime Minister Scott Morrison described the intrusion as sophisticated and likely state-sponsored but did not publicly attribute responsibility. The Australian Signals Directorate (ASD) investigation, completed in March 2019, determined China’s Ministry of State Security conducted the attack, according to five sources with direct knowledge. The same investigation revealed the hackers had also compromised the networks of the ruling Liberal Party, its coalition partner the National Party, and the opposition Labor Party. Attackers accessed policy documents on tax and foreign policy, along with private email correspondence between lawmakers, staff, and citizens. Independent parliamentarians and smaller parties were unaffected. Investigators identified the use of code and techniques previously associated with Chinese operations but did not specify the initial breach method or the duration of network access. The ASD collaborated with Australia’s Department of Foreign Affairs on a classified report recommending secrecy to avoid damaging trade relations with China, which accounted for over one-third of Australia’s exports.
The findings were shared with the United States and United Kingdom, the latter sending cyber experts to assist in Canberra. No evidence indicated stolen data was used to influence Australia’s May 2019 election, which the Liberal-National coalition won narrowly. China’s Foreign Ministry denied involvement, calling the accusations unsubstantiated and emphasizing China’s status as a cyber victim. Australia withheld public attribution despite U.S. Secretary of State Mike Pompeo’s criticism during a Sydney visit, where he warned against prioritizing trade over security. The incident followed Australia’s 2018 ban on Huawei’s 5G equipment and 2017 foreign interference laws, reflecting escalating tensions over Chinese influence. The government maintained operational secrecy, declining to comment on whether it privately confronted Beijing or addressed U.S. frustrations over its restrained public response.