this post was submitted on 04 Jan 2026
21 points (88.9% liked)


A top cybersecurity figure says China’s Salt Typhoon hacking campaign has almost certainly burrowed into Australia’s critical infrastructure in one of the most effective long-term espionage campaigns ever seen.

Alastair MacGibbon, chief strategy officer at CyberCX and a former cybersecurity adviser to then-prime minister Malcolm Turnbull, said Salt Typhoon’s operation has probably compromised multiple sectors across Australia and New Zealand and remains undetected.

[...]

Salt Typhoon – named by Microsoft using its convention for Chinese state-linked threat groups – is a hacking operation that has been active since at least 2019. Rather than deploying ransomware or seeking quick financial pay-offs like criminal hackers, Salt Typhoon is focused on long-term espionage: quietly infiltrating telecommunications networks, stealing data, and maintaining persistent access that could be weaponised during future conflicts.

[...]

What makes Salt Typhoon particularly alarming is its exploitation of “lawful intercept” capabilities – surveillance systems that telecommunications companies are legally required to maintain for law enforcement and intelligence agencies.

“By targeting US telco networks, Salt Typhoon has enabled China’s Ministry of State Security to take over the lawful intercept capabilities that governments compel telcos to have,” MacGibbon said. “This means that the MSS can see and listen to highly sensitive interception and surveillance data meant for law enforcement and security agencies.”

MacGibbon said one of the most concerning aspects for security professionals was how difficult such state-backed campaigns were to identify.

[...]

Unlike ransomware gangs, nation-state actors employ so-called “living off the land” techniques that exploit legitimate, built-in tools within a victim’s own systems rather than deploying malware that might trigger security alerts.

“These stealthy techniques can bypass traditional security tripwires and are much harder to detect,” MacGibbon said. CyberCX’s most recent threat report found that espionage incidents take on average about 400 days to detect, compared to just over three weeks for financially motivated attacks perpetrated by cybercriminals.

For businesses, the stakes extend beyond espionage. Jake Hense, a research analyst at American Century, noted that cybersecurity had become fundamental to assessing whether a business can survive long-term, a factor the US Securities and Exchange Commission now requires companies to address in their disclosures.

“A sustainable business must be able to address risks, including cyberthreats that could significantly impact its ability to conduct day-to-day business,” Hense said.

[...]

Lieutenant General Susan Coyle, who leads Defence’s cyber and space operations, told the same summit that Australia was effectively already fighting in cyberspace.

“I would be naive to get up here and tell you that we’re not in conflict in the cyber domain now,” Coyle said. “Our ships will not sail, our planes will not fly, and our missiles will miss targets if we don’t get the cyber domain right.”

MacGibbon said Five Eyes agencies were “very alive to the risk” and regularly publishing joint advisories with practical guidance for critical infrastructure organisations, including reviewing network device logs for unexpected activity and employing robust change management processes.

[...]

top 4 comments
[–] Insekticus@aussie.zone 18 points 5 days ago (1 children)

What makes Salt Typhoon particularly alarming is its exploitation of “lawful intercept” capabilities – surveillance systems that telecommunications companies are legally required to maintain for law enforcement and intelligence agencies.

Well, if everything didn't need a fucking back-door because every country's spy agencies want to get into everything, we wouldn't have vulnerabilities like this, would we?

[–] Thiccbear@aussie.zone 14 points 5 days ago (1 children)

It's more important to the government to spy on us than it is to protect us from having our telecommunications, power and water shut down.

[–] stoy@lemmy.zip 8 points 5 days ago

Telecom infrastructure by its very nature needs to be exposed to the internet, but utilities like water and power should be completely airgapped from the internet.

Dan Tentler has made several talks on the subject of weird stuff put on the internet, everything from random workstations and servers with exposed RDP directly to the internet, to control systems for smart homes, caviar factories, buses and even hydroelectric dams that can all be accessed by pointing a web browser at an IP.

Here are two of his talks:

https://youtu.be/hMtu7vV_HmY

https://youtu.be/UOWexFaRylM

[–] blind3rdeye@aussie.zone 3 points 4 days ago

“I would be naive to get up here and tell you that we’re not in conflict in the cyber domain now,” Coyle said. “Our ships will not sail, our planes will not fly, and our missiles will miss targets if we don’t get the cyber domain right.”

And yet apparently Australia hasn't made even the slightest hint of an effort towards digital sovereignty.