ASIO Raises Alarm on Cyber Threats: Critical Infrastructure at Risk from Nation-State Actors
Australian intelligence agencies have historically maintained a cautious approach regarding public disclosures about potential threats. Statements are typically reserved for situations deemed absolutely necessary. However, recent actions by Mike Burgess, the Director-General of the Australian Security Intelligence Organisation (ASIO), indicate a shift in this protocol. Burgess has issued multiple public warnings regarding significant cyber threats targeting Australia’s critical infrastructure.
The frequency of these warnings is alarming. In July 2025, Burgess highlighted that foreign espionage costs Australia at least $12.5 billion annually. ASIO has disrupted around 24 significant espionage and foreign interference attempts in recent years. By November 2025, the agency escalated its concerns, alerting the public to ongoing attempts by nation-state actors to infiltrate critical infrastructure sectors, including telecommunications, water, healthcare, manufacturing, and energy. Notably, healthcare services have emerged as the most targeted industry in Australia.
Australia: A Target for Cyber Threats
The reality is stark: Australia’s critical infrastructure is under threat. In the latter half of 2025, the country ranked third globally in terms of security threats per organization. The threat actors involved are often sophisticated, state-sponsored groups from nations such as China, Iran, Russia, and North Korea. ASIO tracks these advanced persistent threat (APT) groups under pseudonyms like Volt Typhoon and Salt Typhoon, both of which are particularly active within Australia.
The term “persistent” in APT is crucial. Unlike opportunistic attackers, these groups employ stealthy tactics, remaining undetected within networks for extended periods. Their objective is not immediate financial gain but rather prolonged access to gather intelligence, steal data, and potentially disrupt operations. This method allows them to remain hidden for months, making them particularly dangerous.
Techniques and Tactics of Threat Actors
A significant tactic employed by these threat actors is the use of “living off the land” techniques. This involves utilizing stolen credentials and legitimate administrative tools to blend into the network environment. Combating these tactics necessitates integrated visibility, identity hardening, and network segmentation across both IT and operational technology domains to eliminate potential hiding spots.
Rather than initiating attacks through traditional IT networks, these actors often first compromise operational technology (OT) and Internet of Things (IoT) devices. Many of Australia’s critical infrastructure organizations rely on these technologies, which frequently operate on outdated systems. This makes them attractive targets for initial infiltration, allowing threat actors to establish a foothold before moving laterally across the broader network.
Burgess has emphasized the seriousness of this threat, stating that once these actors penetrate networks, they aggressively map systems and seek to maintain undetected access. This access enables them to conduct sabotage at a time of their choosing.
Historical Context of Cyber Threats
This method of operation has proven effective in the past. In 2024, a significant breach occurred when a threat actor targeted a U.S. telecommunications company, resulting in the theft of data belonging to numerous American citizens. Although specific details about the compromised systems remain undisclosed, reports suggest that Volt or Salt Typhoon targeted systems used for court-approved access to communication networks, which are critical for law enforcement and intelligence investigations.
Australian organizations must recognize the severity of these nation-state actors and their willingness to exploit vulnerabilities. The warnings from ASIO are not isolated incidents; they reflect a persistent and evolving threat landscape.
Legislative and Organizational Responses
In light of these threats, legislation such as the Security of Critical Infrastructure Act mandates that owners of critical infrastructure enhance their defenses. There is hope that Australia will take ASIO’s warnings seriously before it is too late. Effective action will enable critical infrastructure entities to improve asset inventories across their networks, reducing blind spots in OT and IoT environments that APT groups may exploit.
Organizations must also conduct audits of privileged access to limit lateral movement and the use of “living off the land” techniques by cybercriminals. Transitioning from reactive measures to continuous monitoring is essential. Cybercriminals can remain dormant for extended periods, rendering point-in-time assessments inadequate. Ongoing evaluation and anomaly detection for specific behaviors are vital for defending against threats designed to remain concealed.
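The gap between a point-in-time assessment and continuous monitoring can be shown with a short sketch. It is an added example, not part of the original article: it baselines the paths that privileged accounts normally authenticate over and flags any logon outside that baseline, rating IT/OT zone crossings higher. All hostnames, accounts, tools and day numbers are constructed for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "day account src dst tool")

# Constructed sample data: hostnames, accounts and tools are hypothetical.
PRIVILEGED = {"svc-backup", "adm-jlee"}
ZONE = {"hmi-01": "OT", "plc-gw": "OT", "hist-01": "OT",
        "bkp-01": "IT", "dc-01": "IT", "fs-01": "IT", "ws-114": "IT"}

EVENTS = [
    Event(1, "svc-backup", "bkp-01", "fs-01", "robocopy"),
    Event(2, "adm-jlee", "ws-114", "dc-01", "powershell"),
    Event(3, "svc-backup", "bkp-01", "fs-01", "robocopy"),
    Event(40, "svc-backup", "hmi-01", "hist-01", "wmic"),        # new path inside OT
    Event(95, "svc-backup", "hmi-01", "dc-01", "powershell"),    # OT -> IT crossing
    Event(96, "adm-jlee", "ws-114", "dc-01", "powershell"),
]

def build_baseline(events, last_day):
    """Learn which (account, src, dst) paths privileged accounts normally use."""
    return {(e.account, e.src, e.dst) for e in events
            if e.day <= last_day and e.account in PRIVILEGED}

def continuous_monitor(events, baseline, first_day):
    """Flag every privileged logon on a path outside the baseline.

    The tool field is deliberately ignored: the tools are legitimate, so the
    signal is the identity and the path it takes, not the binary.
    """
    alerts = []
    for e in events:
        if e.day < first_day or e.account not in PRIVILEGED:
            continue
        if (e.account, e.src, e.dst) in baseline:
            continue
        crosses = ZONE[e.src] != ZONE[e.dst]
        alerts.append((e.day, e.account, f"{e.src}->{e.dst}",
                       "high" if crosses else "medium"))
    return alerts

def point_in_time_audit(events, baseline, audit_day):
    """Same check, but only over the single day the assessment runs."""
    return [a for a in continuous_monitor(events, baseline, audit_day)
            if a[0] == audit_day]

if __name__ == "__main__":
    base = build_baseline(EVENTS, last_day=30)
    print("audit on day 60:", point_in_time_audit(EVENTS, base, 60))
    for alert in continuous_monitor(EVENTS, base, first_day=31):
        print("alert:", alert)
```

The audit on day 60 finds nothing because the credential is idle that day, while the continuous check catches both the day 40 and day 95 logons.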
Investment in Cybersecurity
A positive development is the increasing investment in cybersecurity within Australia. Organizations are projected to spend approximately $6.2 billion on information security and risk management in 2025. While IT security remains crucial, it is imperative that organizations also focus on securing operational technology and IoT devices. The analogy of locking the front door while leaving the windows open aptly illustrates the need for comprehensive security measures.
As Australia navigates this complex threat landscape, the emphasis must be on proactive strategies to safeguard critical infrastructure. The stakes are high, and the time for action is now.
Source: www.cyberdaily.au


