Australia’s cyber intelligence agency - the Australian Signals Directorate (ASD) - concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters.
The five sources declined to be identified due to the sensitivity of the issue. Reuters has not reviewed the classified report.
The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report.
In response to questions posed by Reuters, Prime Minister Scott Morrison’s office declined to comment on the attack, the report’s findings or whether Australia had privately raised the hack with China. The ASD also declined to comment.
China’s Foreign Ministry denied involvement in any sort of hacking attacks and said the internet was full of theories that were hard to trace.
“When investigating and determining the nature of online incidents there must be full proof of the facts, otherwise it’s just creating rumours and smearing others, pinning labels on people indiscriminately. We would like to stress that China is also a victim of internet attacks,” the ministry said in a statement sent to Reuters.
“China hopes that Australia can meet China halfway, and do more to benefit mutual trust and cooperation between the two countries.”
China is Australia’s largest trading partner, dominating the purchase of Australian iron ore, coal and agricultural goods, buying more than one-third of the country’s total exports and sending more than a million tourists and students there each year.
Australian authorities felt there was a “very real prospect of damaging the economy” if it were to publicly accuse China over the attack, one of the people said.
Australia in February revealed hackers had breached the network of the Australian national Parliament. Morrison (photo) said at the time that the attack was “sophisticated” and probably carried out by a foreign government. He did not name any government suspected of being involved.
When the hack was discovered, Australian lawmakers and their staff were told by the speaker of the House of Representatives and the president of the Senate to urgently change their passwords, according to a parliamentary statement at the time.
The ASD investigation quickly established that the hackers had also accessed the networks of the ruling Liberal Party, its coalition partner the rural-based Nationals, and the opposition Labor Party, two of the sources said.
The Labor Party did not respond to a request for comment. One person close to the party said it was informed of the findings, without providing details.
The timing of the attack, three months ahead of Australia’s election, and coming after the cyber-attack on the US Democratic Party ahead of the 2016 US election, had raised concerns of election interference, but there was no indication that information gathered by the hackers was used in any way, one of the sources said.
Morrison and his Liberal-National coalition defied polls to narrowly win the May election, a result Morrison described as a “miracle”.
The attack on the political parties gave the perpetrators access to policy papers on topics such as tax and foreign policy, and private email correspondence between lawmakers, their staff and other citizens, two sources said.
Independent Members of Parliament and other political parties were not affected, one of those sources said.
Australian investigators found the attacker used code and techniques known to have been used by China in the past, according to the two sources.
Australian intelligence also determined that the country’s political parties were a target of Beijing spying, they added, without specifying any other incidents.
The people declined to specify how the attackers breached network security and said it was unclear when the attack had begun or how long the hackers had access to the networks.
The attackers used sophisticated techniques to try to conceal their access and their identity, one of the people said, without providing details.
The findings were also shared with at least two allies, the United States and the United Kingdom, said four people familiar with the investigation.
The UK sent a small team of cyber experts to Canberra to help investigate the attack, three of those people said.
The United States and the United Kingdom both declined to comment.