Australia's federal and state governments, and various businesses were under a "massive" cyber-attack, Australian Prime Minister Scott Morrison said this morning.

A "sophisticated state-based actor" was responsible for the attack, Morrison said.

Here, GCSB Minister Andrew Little said, "New Zealand is not experiencing a large-scale, national-level cyber attack.

"We are not currently seeing malicious activity above the levels we would usually expect to see."


Lion ransomware attack: Speights back online, but supply problems continue for other beers
Lion: Ransomware attack causing significant problems
Toll says data stolen in second ransomware attack within months
Premium - F&P Appliances latest to be hit by ransomware attack

Little added, "We know that New Zealand organisations of national significance are also subject to malicious cyber activity, and our cyber security agencies are very alert to these threats."

NTT cyber-security head Matthew Lord told the Herald his company's Global Threat Intelligence Team had not seen the attack on Australia spread JZ or any other countries in the region.

But he cautioned, "The problem will be NZ organisations operating in both countries. Those organisations should be prepare as the attackers could compromise a New Zealand organisation thinking it's an Australia business."

Australian Strategic Policy Institute executive director Peter Jennings said earlier today it was "very clear" that China was behind the cyberattack and that Scott Morrison was calling Beijing out.

Morrison did not mention China by name, however.

And Little had no comment on the identity of the "state-based" actor behind the attacks across the Tasman. He said that was a question to be answered by Australia's government.

"We are on the record for calling out malicious cyber activity, and we urge all states to abide by the framework of responsible state behaviour online," Little added.

GCSB Minister Andrew Little:
GCSB Minister Andrew Little: "We are not currently seeing malicious activity above the levels we would usually expect to see." Photo / Stuart Munro

That included a December 2018 allegation by the GCSB that the Chinese government has ties to a group that is carrying out commercial espionage in multiple countries - including New Zealand.

Morrison told a press conference that he raised the attack with UK Prime Minister Boris Johnson on Thursday night and also sought co-operation from Australia's Five Eyes intelligence partners, the United States, Canada, New Zealand as well as the UK.

Little said, "Our cyber security agencies regularly share information relating to cyber threat activity. The GCSB's National Cyber Security Centre has the specific role of protecting New Zealand organisations of national significance from advanced, persistent cyber security threats."

Morrison said at a press conference this morning, "Australian organisations are currently being targeted by a sophisticated state-based cyber actor."

Australian Prime Minister Andrew Little. Photo / File
Australian Prime Minister Andrew Little. Photo / File

"This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure."

Morrison said the investigation had shown no signs of citizen information being breached.


Morrison would not name the state that had sponsored the act.

"The Australian government is not making any attributions on the matter," he said.

"The threshold for attribution is very high. What I can confirm with confidence is that these are the actions of a state-based operator with significant capabilities."

He said there were only a small number of states that were capable of this kind of attack.

He said the act was considered "malicious" in nature.

"This has been a constant issue for Australia to deal with... It has been an issue of ongoing defence," Morrison said.


Morrison said the frequency of attacks had increased in recent months.

Cybercrime has been in New Zealand news recently, with Lion Breweries being attacked by ransomware.

The organisation behind this attack has requested over $1 million from the company.