China is blamed for huge cyber attack on Australian businesses, schools and hospitals amid increasing war of words between Canberra and Beijing over calls for international inquiry into COVID-19

China was today blamed for a massive cyber-attack on Australia amid an escalating feud between the two nations. 

Australian PM Scott Morrison said the country was under attack from a 'sophisticated state-based actor' targeting companies, hospitals, schools and government officials.

Mr Morrison did not name the country, but government sources say there is a 'high degree of confidence that China is behind the attacks'. 

Beijing and Canberra have been at loggerheads in recent weeks after Australia led global calls for an inquiry into the origins of Covid-19, which first surfaced in China late last year.  

China retaliated by slapping an 80 per cent tariff on Australian barley, suspending beef imports and telling students and tourists not to travel Down Under in an apparent attempt to damage the Australian economy.    

Australia says the cyber-attacks have increased dramatically in recent weeks and targeted 'all levels of government' as well as 'critical infrastructure'. 

Security chiefs say the hackers are using the so-called 'spear-phishing' method to steal sensitive login details by sending scam emails before hiding under cover of 'legitimate remote accesses' once they gain entry.    

+8

Senior sources have told Daily Mail Australia that government agencies believe China is behind the campaign. Pictured: Chinese President Xi Jinping at the 70th Anniversary of the founding of the People's Republic of China in October

Australia's Cyber Security Centre said today that the attackers had been staging a 'sustained targeting of Australian governments and companies'.  

Australia is part of the Five Eyes intelligence-sharing network along with Britain, Canada, New Zealand and the United States, which gives the country access to advanced capabilities but also makes it a rich target for adversaries. 

Security chiefs say the hackers are sending emails with malicious links, which divert people to hazardous websites or prompt them to grant access to Office software. 

These malicious tactics are known as 'spear-phishing' because they are more precisely targeted than traditional 'phishing' scams.  

Four specific methods used in the Australian cyber attack include:

• Sending links to 'credential-harvesting websites' which collect usernames and passwords;
• Emails with links to malicious files, or with the malicious file directly attached;
• Links prompting users to grant Office 365 authentication tokens to the attackers;
• Use of email tracking services to identify when emails are opened and lure so-called 'click-through events'.

Once they breach a sensitive network, the attackers have been 'migrating to legitimate remote accesses using stolen credentials' and continuing to use the systems unnoticed, Australian officials say. 

In addition, the hackers are 'regularly conducting reconnaissance of target networks looking for vulnerable services', pouncing on weaknesses in Microsoft, SharePoint and Citrix software. 

The attackers may be 'maintaining a list of public-facing services to quickly target following future vulnerability releases', it is believed. 

They have also 'shown an aptitude' for targeting unfinished or little-used software that is 'not well known or maintained by victim organisations,' officials say.  

The Security Centre also referred to the attacks as 'copy-paste compromises', because much of the malicious code used by the attackers is freely available. 

Officials say that some Australian firms and organisations had failed to upgrade their security systems despite the weaknesses being 'publicly known'.  

+8

A huge cyber attack has been aimed at the Australian government. Pictured: PM Scott Morrison

+8

Chinese troops marching during a military parade in Tiananmen Square in Beijing to mark the 70th anniversary of the founding of the People's Republic of China

Intelligence officials attributed a major cyber attack on the Australian parliament last year to China - and critics say intensifying attacks could be part of a Chinese campaign to intimidate or bully Australia as tensions over trade foment. 

Australia enraged China by calling for an investigation into the origins of the coronavirus pandemic and by accusing China of fuelling a virus 'infodemic' and engaging in economic 'coercion'.

China has warned its students and tourists against going to Australia, threatened more sanctions and sentenced an Australian citizen to death for drug trafficking.

Beijing and Canberra have also sparred over access to natural resources, maritime claims and the use of Chinese state-backed technology companies.

Senior sources have told Daily Mail Australia that government agencies believe China is behind the latest campaign to hack into the systems of Australian companies and government service providers. 

Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia there could also be other motivations for the attack.

He said a state actor could be trying to gain a foothold in Australia's systems to shut down schools, hospitals and key industries in the event of war. 

'Attribution is really hard because you can be anyone you want to be in cyber space,' Mr Savvides said.

'Hackers can make operations look like they come from another state by mimicking another state actor. 

'To some it may sound like Scott Morrison is trying to get out of naming a suspect but I sympathise with him.

'We're in a heightened geopolitical climate so you would want to be absolutely sure and have evidence you can publicly state before you name some-one.'

Mr Savvides said the Prime Minister had used 'very powerful language' by declaring the attack was by a state. 

He said he believed Mr Morrison gave the press conference today to tell the attackers 'we're on to you and we know what you're up to'. 

Another aim could be to access classified government or commercial information, according to Professor Matthew Warren of RMIT University.

Mr Savvides said he believes Mr Morrison made the announcement today to tell the attackers 'we're on to you and we know what you're up to'. 

Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure the attacker is China. 

'The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities,' he told The Australian.  

'The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.' 

The Prime Minister said investigations by the Australian Cyber Security Centre so far have not found any personal data has been leaked. 

Mr Morrison said a 'sophisticated state-based actor' was behind ongoing attacks which have been happening for 'many months' but have dramatically increased recently. 

He said 'many' entities have been targeted but the success of the attacks has been 'less significant'. 

We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used 

Prime Minister Scott Morrison 

'Australian organisations are currently being targeted by a sophisticated state-based cyber actor,' he said today after calling a press conference at short notice.

'This activity is targeting Australian organisations across a range of sectors, including all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure. 

'We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used,' he said.   

'Regrettably, this activity is not new. Frequency has been increasing.'

Mr Morrison said he would not name the enemy government because the threshold for attributing a cyber attack is very high. 

However, he said there are 'not a large number' of countries which can carry out such large-scale cyber operations. 

He said he has spoken to Five Eyes allies including UK Prime Minister Boris Johnson last night - and also informed leader of the Opposition Anthony Albanese and state and territory leaders.

Defence Minister Linda Reynolds said: 'There is no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact.' 

She urged businesses to check their cyber security and take extra steps such as ensuring employees use multi-factor identification before logging in to devices. 

Food and drink company Lion was forced to shut down production for eight days after a cyber attack on its systems on 8 June.

Mr Morrison said that attack was not related to the state attack announced today.  

Lion, which produces Little Creatures, XXXX, Tooheys and James Squire, shut down its Little Creatures brewery in Geelong. 

+8

The education sector has been targeted by the cyber attacks which have been happening for months 

The cyber attack has resulted in temporary shortages or out-of-stock products in kegs, bottles and cans. 

An attack on the federal parliament and three largest political parties before the general election last year was earlier this year attributed to China by security agencies.

Matt Warren, from RMIT University Centre for Cyber Security Research and Innovation, said cyber attacks were 'the new normal'.

'It's not that there's an increase in cyber-attacks, but we're seeing these attacks be more successful because what they're focusing on is the human aspect,' he told the Geelong Advertiser.

'It also highlights that organisations aren't prepared for it.