Salt Typhoon hackers ‘almost certainly’ in Australia’s critical infrastructure
China’s hacking campaign is one of the most effective long-term espionage moves ever seen, a top cybersecurity figure says.
A top cybersecurity figure says China’s Salt Typhoon hacking campaign has almost certainly burrowed into Australia’s critical infrastructure in one of the most effective long-term espionage campaigns ever seen.
Alastair MacGibbon, chief strategy officer at CyberCX and a former cybersecurity adviser to then-prime minister Malcolm Turnbull, said Salt Typhoon’s operation has probably compromised multiple sectors across Australia and New Zealand and remains undetected.
It is “the most effective espionage campaign against the West that we have ever seen,” MacGibbon said, and reflects an “insidious shift” in the global threat landscape where Beijing is pouring significant resources into burrowing into critical Western infrastructure.
CyberCX co-founder Alastair MacGibbon. Credit: Oscar Colman
“By the admission of the US government, Salt Typhoon has seen the Chinese intelligence services comprehensively penetrate the communications of millions of Americans, including some top decision-makers,” MacGibbon told this masthead.
“While there’s no public evidence that Salt Typhoon is active in Australia, we consider it highly likely that Salt Typhoon has compromised sectors in Australia which remain undetected.”
Salt Typhoon – named by Microsoft using its convention for Chinese state-linked threat groups – is a hacking operation that has been active since at least 2019. Rather than deploying ransomware or seeking quick financial pay-offs like criminal hackers, Salt Typhoon is focused on long-term espionage: quietly infiltrating telecommunications networks, stealing data, and maintaining persistent access that could be weaponised during future conflicts.
The FBI revealed last week that Salt Typhoon had hacked at least 200 American companies and struck organisations across 80 countries. The Australian Signals Directorate, working alongside 20 international partner agencies, has publicly attributed the campaign to Beijing’s Ministry of State Security and People’s Liberation Army.
What makes Salt Typhoon particularly alarming is its exploitation of “lawful intercept” capabilities – surveillance systems that telecommunications companies are legally required to maintain for law enforcement and intelligence agencies.
“By targeting US telco networks, Salt Typhoon has enabled China’s Ministry of State Security to take over the lawful intercept capabilities that governments compel telcos to have,” MacGibbon said. “This means that the MSS can see and listen to highly sensitive interception and surveillance data meant for law enforcement and security agencies.”