ASIO Reveals Nation-State Hackers Breached Australian Critical Infrastructure for Sabotage
Australia's domestic intelligence agency disclosed that nation-state actors compromised a critical infrastructure provider, stealing administrator credentials and maintaining persistent access for potential future sabotage.
Australia’s Security and Intelligence Organisation (ASIO) has revealed that nation-state hackers successfully breached the network of an Australian critical infrastructure provider, stealing credentials from active users—including IT administrators—and maintaining persistent access with the intent to cause disruption at a time of their choosing. ASIO Director General Mike Burgess disclosed the incident during the release of the agency’s annual threat assessment, describing the operation as a clear case of preparation for sabotage rather than espionage.
“We discovered nation-state hackers had compromised the network of an Australian critical infrastructure provider,” Burgess said. “ASIO assessed the hackers were preparing for sabotage. They weren’t planting ‘digital dynamite’ as such; they were mapping out the network and maintaining access so they could cripple it at a time of their choosing.” The attackers acquired login credentials for active users, including those responsible for guarding the network, giving them the ability to move laterally and potentially disrupt essential services.
Burgess noted that ASIO identified, tracked, and attributed the hack, and is working with the victim company and security partners to remediate the compromise—a process that remains ongoing. He emphasized the scale of the activity, stating, “The scale of this activity – led by one nation-state in particular – is difficult to overstate,” adding that Australia is not alone in facing such threats. “We struggle to find a single country in our region that has not been compromised by this state’s cyber apparatus.”
In response to the evolving threat landscape, Burgess announced the establishment of dedicated teams within ASIO to counter nation-state cyber sabotage. “Cyber sabotage is an evolving threat. I have established dedicated teams to counter it,” he said. The revelation underscores the growing concern among Western intelligence agencies about state-sponsored actors targeting critical national infrastructure for potential kinetic or disruptive effects.
Separately, Burgess detailed a successful counter-espionage operation involving a foreign intelligence service attempting to steal information about the AUKUS pact—the trilateral security partnership between Australia, the United Kingdom, and the United States. A foreign spy approached an Australian security clearance holder online, posing as a consultant, and paid the official to write reports on Australia’s Pacific relationships before offering money for inside information on AUKUS.
The Australian official became suspicious, reported the incident, and cooperated with ASIO during interviews. Burgess said the agency gained valuable insights into the foreign service’s information gaps and tradecraft. In a dramatic twist, ASIO officers used the official’s phone to call the spy, revealing their identity and demanding an end to the targeting of Australian citizens. “We demonstrated we knew exactly who she was, demanded she cease targeting Australian citizens, stated we have zero tolerance for spying on AUKUS,” Burgess recounted.
The ASIO chief also highlighted the ongoing threat of online radicalization, noting that individuals are increasingly being radicalized in weeks rather than months, often as minors, and through encrypted chat rooms rather than physical gatherings. He revealed that ASIO has resolved 14 significant terrorism-related cases since the December 2025 attack at Sydney’s Bondi Beach, and 31 major terrorism plots since 2014. The agency is aggressively adopting new tools, including artificial intelligence, to navigate the security environment, and Burgess invited Australians to consider careers at ASIO, including as offensive hackers.