The central bank revealed the attacks after investigations by The Australian Financial Review found multiple computers had been compromised by malicious software seeking intelligence.
The newspaper said in one attack a Chinese-developed malware spy programme was searching in 2011 for information on sensitive G20 negotiations, where Beijing’s exchange rate and currency reserves were on the agenda.
A Reserve Bank official confirmed the G20 virus to AFP and said it was confined to only “a few” computers. The official did not say what information was stolen, who was targeted, and would not confirm the Chinese connection.
A defence department official cited by the newspaper said “the targeting of high-profile events, such as the G20, by state-sponsored adversaries … is a real and persistent threat”.
He added: “Cyber intruders are looking for information on … the government’s intentions.”
In another sophisticated incident the month before, revealed on the central bank’s disclosure log under its freedom of information obligations, “targeted” emails were received regarding its strategic planning for 2012.
“Malicious email was highly targeted, utilising a possibly legitimate external account purporting to be a senior bank staff member,” an official report by the bank’s risk management unit said.
“As the email had no attachment, it bypassed existing security controls, allowing users to potentially access the malicious payload via the Internet browsing infrastructure.”
Six users clicked on the mail.
“Bank assets could have been potentially compromised, leading to service information loss and reputation (damage),” the official report said.
In 2011, the computers of Australia’s prime minister plus foreign and defence ministers were all suspected of being hacked. Reports and security experts said the attacks originated in China.
Beijing dismissed the allegations as “groundless and made out of ulterior purposes”.
Last year, Chinese telecoms giant Huawei was barred from bidding for contracts on Australia’s ambitious Aus36 billion (US37 billion) broadband rollout due to fears of cyberattacks. – AFP / NST