Cyber Incident Victim: Australian Labor Party
Date:
Feb 2019
Location:
Australia
Summary
Australian intelligence attributed a sophisticated cyber-attack on the national parliament and major political parties, including the Labor Party, to China's Ministry of State Security. The breach, occurring before a general election, compromised policy documents on taxation and foreign affairs along with private email communications between lawmakers and citizens. Investigators identified technical signatures linked to previous Chinese operations but found no evidence of election interference or misuse of exfiltrated data. Australia withheld public attribution to avoid damaging economic ties with its largest trading partner, sharing findings privately with key allies who assisted in the investigation. China denied involvement, characterizing the accusations as unfounded speculation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2019, Australian authorities disclosed a sophisticated cyber-attack targeting the national parliament’s network, prompting urgent password resets for lawmakers and staff. Prime Minister Scott Morrison attributed the breach to a foreign state actor but withheld specific attribution. Subsequent investigation by the Australian Signals Directorate (ASD) determined by March 2019 that China’s Ministry of State Security orchestrated the intrusion, which also compromised the networks of the ruling Liberal Party, its coalition partner the Nationals, and the opposition Labor Party. The attackers accessed policy documents on taxation and foreign affairs, along with private email communications between legislators, staff, and citizens. Investigators identified the use of code and techniques previously associated with Chinese operations but found no evidence that stolen data influenced Australia’s May 2019 federal election. The breach’s exact start date, duration, and entry methods remained unclear, though attackers employed advanced obfuscation tactics to mask their activities.
The Australian government withheld public attribution despite ASD’s findings, with two sources citing concerns that accusing China would damage bilateral trade relations, given China’s status as Australia’s largest export market. A classified report co-authored by ASD and the Department of Foreign Affairs recommended secrecy, though findings were shared with U.S. and U.K. intelligence partners, the latter sending cyber experts to assist the investigation. China’s Foreign Ministry denied involvement, characterizing the allegations as unsubstantiated rumors while emphasizing China’s own victimhood from cyber-attacks. The incident occurred amid broader Australian efforts to counter Chinese influence, including 2017 foreign donation bans and 2018 restrictions on Huawei’s 5G participation. U.S. officials expressed mixed reactions, with Secretary of State Mike Pompeo indirectly criticizing Australia’s reluctance to publicly confront Beijing during a Sydney visit shortly after the election. No data manipulation or disruptive actions were observed during the coalition government’s reelection campaign.