Suspected China-based hackers reportedly targeted Australian government officials with an email scam at last month’s G7.

According to the AFR, the coordinated email campaign targeted officials from Australia, France, Singapore, and the United Kingdom, attempting to install malicious software on their devices and steal sensitive information. 

The cybercriminals allegedly posed as Indonesia's ministries of Foreign and Economic Affairs in their emails to lure the officials into downloading a compromised Word document.

The hacking attempt was discovered by SentinelOne, a US-listed cybersecurity firm. 

Brian Hussey, Vice President of Cyber Threat Response at SentinelOne, says the campaign displayed significant funding, effort, and expertise. 

Although signs pointed to Chinese hackers, Hussey did not explicitly attribute the attacks to the Chinese Communist regime. 

An analysis of the code used in the attacks apparently suggested the involvement of a software writer called RoyalRoad, often associated with China-based or Russian groups.

The compromised document, posing as a series of action statements from the Hiroshima G7 meeting, contained policy points that align with China's preferences, such as strict adherence to the One China policy and opposition to the use of force in the South China Sea. 

Once the document was opened, it installed an Information Stealer malware, allowing the hackers to gain remote access to the compromised systems.

SentinelOne's regional director for Australia and New Zealand, Jason Duerden, highlighted the increased threat of ransomware attacks by cybercriminal groups, particularly targeting the Quadrilateral Security Dialogue (Quad) countries: Australia, the US, Japan, and India. 

The Australian Cyber Security Centre has expressed concern over the rising scale and severity of cyber activity conducted by state and non-state actors and reiterated the government's commitment to deterring and responding to such threats.