The Australian Signals Directorate and the Australian Cyber Security Centre have joined cybersecurity institutions from the U.S., Canada, and New Zealand in warning local technology professionals to beware of threat actors affiliated with China, including Salt Typhoon, infiltrating their critical communications infrastructure.
The news comes weeks after the Australian Signals Directorate’s Annual Cyber Threat Report 2023-2024, where the agency warned that state-sponsored cyber actors had been persistently targeting Australian governments, critical infrastructure, and businesses using evolving tradecraft over the most recent reporting period.
What is Salt Typhoon?
Recently, the U.S. revealed that a China-connected threat actor, Salt Typhoon, compromised the networks of at least eight U.S.-based telecommunications providers as part of “a broad and significant cyber espionage campaign.” But the campaign is not limited to U.S. shores.
Australian agencies did not confirm whether Salt Typhoon has reached Australian telco companies. However, Grant Walsh, telco industry lead at local cyber security firm CyberCX, wrote that it was “unlikely the ACSC – and partner agencies – would issue such detailed guidance if the threat was not real.”
“Telco networks have invested in some of the most mature cyber defences in Australia. But the global threat landscape is deteriorating,” he wrote. “Telecommunications networks are a key target for persistent and highly-capable state-based cyber espionage groups, particularly those associated with China.”
SEE: Why Australian Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks
Salt Typhoon: Part of a wider state-sponsored threat problem
Over the past year, the ASD has issued several joint advisories with international partners to highlight the evolving operations of state-sponsored cyber actors, particularly from China-sponsored actors.
In February 2024, the ASD joined the U.S. and other international partners in releasing an advisory. It assessed that China-sponsored cyber actors were seeking to position themselves on information and communications technology networks for disruptive cyberattacks against U.S. critical infrastructure in the event of a major crisis.
The ASD noted that Australian critical infrastructure networks could be vulnerable to similar state-sponsored malicious cyber activity as seen in the U.S.
“These actors conduct cyber operations in pursuit of state goals, including for espionage, in exerting malign influence, interference and coercion, and in seeking to pre-position on networks for disruptive cyber attacks,” the ASD wrote in the report.
SEE: Australia Passes Ground-Breaking Cyber Security Law
In the ASD’s annual cyber report, the agency said China’s choice of targets and pattern of behaviour is consistent with pre-positioning for disruptive effects rather than traditional cyber espionage operations. However, it said that state-sponsored cyber actors also have information-gathering and espionage objectives in Australia.
“State actors have an enduring interest in obtaining sensitive information, intellectual property, and personally identifiable information to gai