China behind Australia parliament hack


Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the May general election, five people with direct knowledge of the matter told Reuters.

Australia’s cyber intelligence agency – the Australian Signals Directorate (ASD) – concluded in March China’s Ministry of State Security was responsible for the attack, five people with direct knowledge of the investigation’s findings told Reuters.

The sources declined to be identified due to the sensitivity of the issue. Reuters has not viewed the classified report.

The report, which includes input from the Department of Foreign Affairs, recommended keeping findings secret to avoid disrupting trade relations with Beijing, two people said. The Australian government has not disclosed who it believes was behind the attack or details of the report.

In response to Reuters questions, Prime Minister Scott Morrison’s office declined to comment on the attack, the report’s findings or whether Australia privately raised the hack with China. The ASD also declined to comment.

China’s Foreign Ministry denied involvement in any hacking attacks and said the internet was full of theories hard to trace.

“When investigating and determining the nature of online incidents there must be full proof of facts, otherwise it’s creating rumours and smearing others, pinning labels on people indiscriminately. We would like to stress China is also a victim of internet attacks,” the Ministry said in a statement.

“China hopes Australia can meet China halfway and do more to benefit mutual trust and co-operation between the countries.”

China is Australia’s largest trading partner, dominating purchase of Australian iron ore, coal and agricultural goods, buying more than a third of the country’s total exports and sending more than a million tourists and students there each year.

Australian authorities felt there was a “real prospect of damaging the economy” if it were to publicly accuse China of the attack, one of the people said.


Australia in February revealed hackers breached the Australian national parliament network. Morrison said at the time the attack was “sophisticated” and probably done by a foreign government. He did not name any government suspected.

When the hack was discovered, Australian lawmakers and staff were told by the Speaker of the House of Representatives and the President of the Senate to urgently change passwords, a parliamentary statement at the time said.

The ASD investigation established hackers accessed the networks of the ruling Liberal party, its coalition partner the rural-based Nationals and the opposition Labour party, two sources said.

The Labour Party did not respond to a request for comment. One person close to the party said it was informed of the findings, without providing details.

The timing of the attack three months ahead of Australia’s election and after a cyber-attack on the US Democratic Party ahead of the 2016 election, raised concerns of election interference. There was no indication information gathered by hackers was used one source said.

Morrison and his Liberal-National coalition defied polls to narrowly win the May election, a result he described as a “miracle”.

The attack on political parties gave perpetrators access to policy papers on topics such as tax and foreign policy and private email correspondence between lawmakers, their staff and other citizens, two sources said.

Independent members of parliament and other political parties were not affected, one source said.

Australian investigators found the attackers used code and techniques known to have been used by China in the past, according two sources.

Australian intelligence determined the country’s political parties were a target of Beijing spying, they added, without specifying any other incidents.

The sources declined to specify how network security was breached and said it was unclear when the attack started or how long hackers had access to networks.  

Attackers used sophisticated techniques to conceal access and identity, one person said, without giving details.

The findings were shared with at least two allies, the United States and the United Kingdom, said four people familiar with the investigation.

The UK sent a team of cyber experts to Canberra to help investigate, three people said.

The United States and the United Kingdom both declined to comment.


Australia has intensified efforts to address China’s growing influence, policies that have seen trade with China suffer. 

For example, in 2017 Canberra banned political overseas donations and required lobbyists to register links to foreign governments. A year later, the ASD led Australia’s risk assessment of new 5G technology, which prompted Canberra to effectively ban Chinese telecoms firm Huawei from its nascent 5G network.

Some US officials and diplomats welcomed Australian steps and praised the strong intelligence relationship, others are frustrated by Australia’s reluctance to more publicly confront China, according to US diplomatic sources.  

In Sydney last month, US Secretary of State Mike Pompeo delivered thinly veiled criticism of Australia’s approach after Foreign Minister Marise Payne said Canberra would make decisions on China in based on “our national interest”.

Pompeo said countries could not separate trade and economic issues from national security.

“You can sell your soul for a pile of soybeans, or you can protect your people,” he told reporters in Sydney.