Cyber Incident Victim: Liberal Party of Australia
Date: Feb 2019
Location: Australia
Summary
A sophisticated cyber-attack attributed to China's Ministry of State Security targeted Australia's national parliament and its three largest political parties, including the ruling Liberal Party, ahead of a general election. The breach compromised networks containing policy documents on taxation and foreign affairs, along with private email communications between lawmakers and citizens. Australian intelligence agencies identified the intrusion using technical evidence consistent with known Chinese operations but withheld public attribution to avoid economic repercussions, given China's status as the nation's largest trading partner. While concerns about election interference arose due to the timing—mirroring prior incidents like the 2016 U.S. election hack—no evidence indicated stolen data was weaponized. Findings were shared confidentially with key allies, including the U.S. and U.K., which provided investigative support. China denied involvement, dismissing the allegations as unsubstantiated.
Description
In February 2019, Australian authorities disclosed a cyberattack targeting the national parliament’s network, described by Prime Minister Scott Morrison as sophisticated and likely state-sponsored. The Australian Signals Directorate (ASD) investigation, concluded in March 2019, attributed the breach to China’s Ministry of State Security based on analysis of attacker tradecraft, including code and techniques consistent with previous Chinese operations. The intrusion extended beyond parliamentary systems to compromise networks of the Liberal Party, its coalition partner the Nationals, and the opposition Labor Party, granting attackers access to policy documents on taxation and foreign affairs, as well as private email communications between lawmakers, staff, and citizens. Independent parliamentarians and smaller political parties were unaffected. While the breach occurred three months before Australia’s May 2019 federal election, investigators found no evidence that exfiltrated data was weaponized to influence electoral outcomes, contrasting with concerns raised by the 2016 U.S. Democratic Party hack. Attackers employed advanced methods to conceal their activities, though specifics of the initial intrusion vector and duration of network access remained unclear.

The Australian government withheld public attribution of the attack following a classified ASD-Department of Foreign Affairs report warning that accusing China could damage bilateral trade, which accounted for over one-third of Australia’s exports. Canberra privately shared findings with U.S. and U.K. intelligence partners, the latter deploying cyber specialists to assist forensic efforts. Parliament responded by mandating password resets for all users, but no public sanctions or diplomatic actions against China were undertaken. China’s Foreign Ministry denied involvement, characterizing allegations as unsubstantiated rumors while emphasizing its own victimhood from cyberattacks. The incident occurred amid escalating Australia-China tensions over foreign influence measures, including 2017 foreign donation bans and Huawei’s 2018 exclusion from 5G networks. U.S. officials expressed mixed reactions to Australia’s non-confrontational approach, with Secretary of State Mike Pompeo implicitly criticizing Canberra’s prioritization of economic ties during a Sydney visit shortly after the election, which saw Morrison’s coalition retain power despite pre-election polling suggesting defeat.
