
China’s Cyber Espionage in Australia

Written by Bola Ogbara | Nov 14, 2025 3:03:50 PM

The Director-General of Australia's top spy agency is calling attention to China's cyber espionage efforts in Australia, which could seriously impact critical infrastructure. 

The United States has been combatting an ongoing cyber campaign sponsored by the People’s Republic of China. On top of the monumental Salt Typhoon hack that affected nearly all Americans and was discovered nearly a year ago, there have been continuing cyberattacks. Most recently, the F5 hack (an infiltration that affected 85% of companies on the Fortune 500) has been attributed to China-backed threat actors. While these attacks could have serious impacts on critical infrastructure in the US, it’s important to know that the US has not been the only target of China’s cyber campaigns.

 

As Australia climbs the Global Innovation Index, it is also becoming increasingly targeted by cyberattacks. One report by Nozomi Networks claimed that the country was “the fourth most targeted country for cyberattacks on operational technology (OT) and Internet of Things (IoT) systems.” According to Australia’s 2024-2025 annual cyber threat report, the Australian Cyber Security Hotline answered 42,500 calls in the past fiscal year and received more than 84,700 cybercrime reports, an average of one report every 6 minutes. The first threat described in the report is state-sponsored cyber actors, who “target a range of sectors to conduct espionage against both individuals and organisations, and to generate opportunities to disrupt critical services and communication at a time of strategic advantage.”

 

The cyber threat report specifically calls out China's cyber espionage on Australian and regional networks, and this week, the Director-General of the Australian Security Intelligence Organisation (ASIO), Mike Burgess, warned Australians about the growing danger of these threats. At an Australian Securities and Investments Commission forum in Melbourne, Burgess said, “I have previously said we’re getting closer to the threshold for high-impact sabotage. Well, I regret to inform you, we’re there now.”

 

As Australia was one of the many countries targeted in the Salt Typhoon and Volt Typhoon hacks, the alarm may have felt somewhat expected. In August of 2025, the Australian Cyber Security Centre (ACSC) even released a Cybersecurity Advisory (CSA), “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System”, addressing the Salt Typhoon hack. The CSA was a joint publication, also published by the United States Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (Cyber Centre), and the United Kingdom National Cyber Security Centre (NCSC-UK), among others.

 

While the advisory offered several mitigations and recommendations to counter similar cyberattacks, Burgess made it clear that the threat persists: “ASIO is aware of one nation state – no prizes for guessing which one – conducting multiple attempts to scan and penetrate critical infrastructure in Australia and other Five Eyes countries, targeting water, transport, telecommunications, and energy networks. The reconnaissance is highly sophisticated… when they have penetrated your networks, they actively and aggressively map your systems, and seek to maintain persistent undetected access that enables them to conduct sabotage at a time and moment of their choosing.”

 

To paint an even stronger picture of what this sabotage could look like, Burgess referenced the chaos following a recent telecommunications disaster. In September, a systems outage at Optus, the second largest telecommunications company in Australia, meant that more than half of the country couldn’t call emergency services for 13 hours. Over 600 calls were unable to connect to emergency services, and the outage has been tied to at least three deaths in that time period. Burgess explained that this aftermath was just “one phone network not working for less than a day. Imagine the implications if a nation-state took down all the networks? Or turned off the power during a heatwave? Or polluted our drinking water? Or crippled our financial system?”

 

Burgess stressed that Australia’s infrastructure is already being tested by nation-state threat actors: “And yes, we have seen Chinese hackers probing our critical infrastructure as well… these are not hypotheticals – foreign governments have elite teams investigating these possibilities right now.”

 

China has responded by denying the allegations. A spokesperson for China’s Ministry of Foreign Affairs condemned Burgess’ statement on X: “In recent months, Mike Burgess, ASIO Director-General of Security, has repeatedly hurled attacks at China, spread disinformation and deliberately sowed division and confrontation. China firmly opposes it and has protested with Australia. Such irresponsible actions must stop, and this Australian official should stop doing anything that harms the healthy development of China-Australia relations.” 

 

Denying accusations of cybercrime is par for the course for China, which similarly denied responsibility for the F5 hack shortly after it accused the US National Security Agency (NSA) of hacking China's National Time Service Center. More recently, China claimed that hackers sponsored by the US stole 127,272 Bitcoin tokens (worth nearly $13 billion) from the LuBian mining pool in 2020. The US did confiscate the tokens as they were connected to Chen Zhi, the chairman of Prince Group, a Cambodian conglomerate.

 

Chen Zhi was charged with wire fraud conspiracy and money laundering conspiracy as part of the fraud operations he directed from scam compounds in Cambodia. The press release described the Bitcoin collection as “the largest forfeiture action in the history of the Department of Justice.” Chen has not yet been apprehended by the US, and is reportedly looking for the Bitcoin: “As we explained in our submission to the Court, we are working closely with cryptocurrency experts to trace the Bitcoin that the government seized over a year ago, and which was stolen back in 2020.”

 

While the Chen Zhi Bitcoin case is a strong example of the worsening US-China cyber relationship, the story is still ongoing. As Australia has attributed some cybercriminal activity to China-sponsored threat actors, time will tell if it will also face counteraccusations as a rebuttal.