The Australian government has taken a rare step to support the United States and attributed the SolarWinds cyber attack to Russia.
“In consultation with our partners, the Australian Government has determined that Russian state actors are actively exploiting SolarWinds and its supply chains,” the joint statement said.
“Russia’s campaign has affected thousands of computer systems worldwide. Australia acknowledges the high costs borne by the US private sector.”
Payne, Dutton, and Andrews also acknowledged that in the past 12 months, the Australian government had witnessed Russia’s use of malicious activity to undermine international stability, security, and public safety.
“Australia condemns such behaviour,” the statement said.
“Australia welcomes private sector and government responders’ efforts around the world to expose and mitigate this threat and uphold the international norms of responsible behaviour in cyberspace.”
The Australian government has previously shied away from attributing cyberattacks to foreign state actors, with Prime Minister Scott Morrison in June last year refusing to name the sophisticated state-based actor that was targeting Australian organisations.
“Australia doesn’t judge lightly in public attributions and when and if we choose to do so; it is always done in the context of what we believe to be in our strategic national interest,” Morrison said.
“What I simply can confirm is there are not a large number of state-based actors that can engage in this type of activity, and it is clear, based on the advice that we have received, that this has been done by a state-based actor with very, very significant capabilities.”
However, naming and shaming a state-based cyber actor has very little real-world consequences, Matthew Warren, director of RMIT’s Centre for Cyber Security Research & Innovation, said.
Warren told The Epoch Times that attribution of a cyber attack by the federal government will make no difference to Russia.
“Russia, China, North Korea, and Iran have all been linked and named as being responsible for cyberattacks upon Western countries and there have been a number of examples of economic sanctions and criminal cases against representatives from those countries,” Warren said. “The public attribution of countries does not stop cyber attacks.”
Warren also warned that there was a possibility of increased cyber attacks but he said it was unlikely given that Russia’s focus is on the Northern Hemisphere, in particular Europe and the United States.
This is the second time in three weeks that Australia has confronted Russia over its behaviour.
The bridge connects Russia to the annexed Autonomous Republic of Crimea, and the city of Sevastopol, Ukraine, which was formally incorporated into Russia on March 30, 2014.
Payne said the Kerch bridge is an attempt to consolidate Russia’s control over the Crimean Peninsula and that these individuals and the companies were complicit in legitimising Russia’s annexation of the region and have supported separatist activities in eastern Ukraine.
“This year marks the seventh anniversary of the illegal annexation of Crimea and Sevastopol. Australia continues to urge Russia to return Crimea and Sevastopol to full Ukrainian control,” Payne said. “Australia rejects Russia’s illegal annexation of Crimea and Sevastopol and will continue to call out its ongoing intervention, interference, and provocative actions in eastern Ukraine.”
“We are steadfast in our commitment to maintaining pressure, including by way of sanctions, on individuals and entities who seek to facilitate Russia’s unlawful attempts to integrate Ukraine’s territory into Russia,” Payne said.
The sanctions came on the seventh anniversary of the “illegal” annexation and were coordinated with Canada. They bring the number of targeted sanctions taken by Australia on Russians and Russian entities involved in the dispute to 168 individuals and 52 entities.
