Increased terrorism threat level in Australia: Minimal cyber impacts

Published by Cyber Intelligence 8 August 2024

In August 2024, the Australian Security Intelligence Organisation (ASIO) raised the national terrorism threat level from possible to probable. We assess this development has minimal cyber impacts for Australian organisations. However, the change reflects the increasingly volatile and complex threat landscape for organisations in Australia and New Zealand (AUNZ). Similar trends have driven a heightened risk of ideologically motivated cyber attacks against AUNZ organisations, although the impact of these types of incidents is generally low.

Key Points

• In August, ASIO raised the national terrorism threat from possible to probable, meaning it assesses there is a greater than 50 per cent chance of an onshore attack in Australia or attack planning in the next 12 months.
• The cyber impacts of the change in Australia’s national terrorism threat level are minimal. We do not assess this development materially increases cyber threat from ideologically motivated actors.
• Ideologically motivated cyber attacks against AUNZ organisations have increased in response to global developments, notably the Russia-Ukraine and Hamas-Israel wars. However, the impact on targeted organisations has been generally limited.
• It is plausible that ideologically motivated groups could combine physical and cyber elements in their attacks. However, we have not observed a strong behavioural pattern of this occurring in AUNZ.
• Extremist ideologies and social polarisation can present opportunities for nation-state actors to conduct more effective cyber-enabled interference and information operations. Both Russia and China have previously targeted western organisations in these type of operations to amplify division and advance their national objectives.

Background

• In early August, ASIO raised Australia’s national terrorism threat level from possible to probable.[1] This means ASIO assesses there is a greater than 50 per cent chance of an onshore terrorist attack or attack planning in Australia in the next 12 months.[2]
  • The key drivers of this increased threat are cited as youth radicalisation, online radicalisation and the rise of new “mixed ideologies” based in violence, including elements of religiously motivated, nationalist and racist ideologies.
  • ASIO stated that issue motivated extremism in Australia is also being driven by personal grievances, conspiracy theories and anti-authority ideologies.
• In support of the threat level change, Australia’s eSafety Commissioner released a statement stating that social media has played a significant role in the spread of terrorist and extremist material, and that online radicalisation remains a concern in Australia and overseas.[3]
  • The eSafety Commissioner expressed concerns about violent extremists weaponising technologies like live streaming, algorithms and recommender systems to promote harmful material.

Key assessments

• The cyber impacts of the change in Australia’s national terrorism threat level are minimal.
  • Ideologically motivated attacks against AUNZ organisations have increased in the past two years, notably in response to the Russia-Ukraine and Hamas-Israel wars. However, the capability of ideologically motivated cyber threat actors is low, and the impact of their attacks has generally been limited.[4]
    • CyberCX Intelligence currently assesses the threat of ideologically motivated cyber actors to most AUNZ sectors as MODERATE.[5] The most common attack types are distributed denial of service (DDoS), website defacements and, in limited circumstances, hack and leak attacks.
  • Based on incidents observed by CyberCX Intelligence, in-country ideologically motivated cyber attacks represent a negligible proportion of overall malicious cyber activity, and overall ideologically motivated cyber activity.
• We assess with low confidence that it is unlikely, but plausible, that threat actors planning political violence could also engage in cyber attacks. We have not observed a strong behavioural pattern of ideologically motivated actors targeting AUNZ organisations in this way.
  • Globally, there are limited examples of ideologically motivated actors pairing cyber effects (such as DDoS attacks) with physical protest activity. For example, in May 2024, pro-Palestinian group, Anonymous Arabia, conducted DDoS attacks against the University of Columbia in response to police raids against pro-Palestinian protests. The group claimed to have taken down university websites and e-services.
  • Ideologically motivated cyber actors active in AUNZ largely operate from offshore. We are aware that some pro-Russia ideologically motivated cyber actors operate from western countries. However, there is no intelligence at the time of writing to indicate this has occurred in AUNZ. If ideologically motivated cyber actors operate from within AUNZ this could plausibly influence their targeting selection.
    • For example, in July 2024, three alleged members of the pro-Russia group, NoName057(016) were arrested in Spain for involvement in DDoS attacks against public institutions and critical infrastructure in Spain. NoName057(016) has previously targeted AUNZ organisations, including parliamentary institutions.
• More generally, the rise in violent extremisms, conspiracy theories and anti-authority ideologies, paired with technology developments, is providing opportunities for foreign government cyber-enabled interference and information operations.
  • Multiple authoritarian foreign governments are known to conduct cyber-enabled interference and information operations to advance their national strategic agendas and foreign policy interests.
  • In particular, Russian nation-state actors are known to amplify and spread disinformation on polarising issues in western countries. Chinese nation-state actors have been reported as amplifying polarising media reporting and censoring unfavourable content, including in AUNZ.
• The assessments in this Intelligence Update are consistent with CyberCX Intelligence’s ongoing assessments regarding the Hamas-Israel war  and broader conflict in the Middle East.
  • We note that ASIO’s Director-General has said that the decision to raise the threat level was “not a direct response” to events in the Middle East, but that these had “exacerbated” division, and “an escalation of conflict in the Middle East” may aggravate tensions and fuel radicalisation.[6]
  • We continue to assess that current conflict in the Middle East has increased cyber threat globally. If military conflict escalates further, the likelihood that organisations in third party countries will be directly targeted may also increase. Organisations in direct conflict regions and surrounding countries face heightened threat of targeted disruptive and destructive cyber attacks, especially if they are in, or adjacent to, the government or critical infrastructure sectors.

[1] ASIO uses a five level scale to assess threat level: not expected; possible; probable; expected; and certain.

[2] https://www.asio.gov.au/national-terrorism-threat-level-2024

[3] https://www.esafety.gov.au/newsroom/media-releases/esafety-statement-terrorist-and-extremist-material-on-social-media#:~:text=eSafety%20Statement%20%2D%20Terrorist%20and%20extremist%20material%20on%20social%20media,-Share&text=The%20spread%20of%20terrorist%20and,here%20in%20Australia%20and%20overseas.

[4] CyberCX Intelligence is aware that some ideologically motivated groups are affiliated with nation-states. The capability of these groups is generally higher, although the overall impact of their activities remains limited. See: A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations 

[5] CyberCX Intelligence uses a five level scale to assess threat level. A MODERATE rating (the second of five levels) means organisations should remain vigilant, and monitor and take extra security precautions relevant to the threat. 

[6] https://www.pm.gov.au/media/press-conference-parliament-house-canberra-27