Australia has joined the United States and other Five Eyes cyber agencies to identify China as the culprit behind recent cyber attacks targeting "critical infrastructure" in the US.
A joint Cybersecurity Advisory was issued following a "recently discovered cluster of activity of interest" associated with China's state sponsored hacking group Volt Typhoon.
The advisory warned Volt Typhoon had used a "living off the land" attack — a tactic that exploits legitimate tools within the system rather than malware.
Using that technique hackers were able to evade detection by "blending in with normal Windows system and network activities".
In a statement Microsoft said Volt Typhoon's activity had used compromised credentials to access critical infrastructure organisations, and that the group's typical aim was espionage and information gathering.
"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the company said.
"Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."
Previous campaigns by Volt Typhoon have targeted sectors including communications, manufacturing, utilities, transport, construction, government, information technology, maritime and education.
The advisory was issued by US, Australian, New Zealand and United Kingdom intelligence agencies, including the Australian Cyber Security Centre, which sits within the Australian Signals Directorate.
The joint attribution is being made despite the Albanese government working to repair diplomatic relations with China.
Home Affairs Minister Clare O'Neil said the government would not shy away from identifying bad actors.
"The Australian government is never going to compromise on our national security. This activity should not be occurring, there is no question about that, and we are not going to be shy when we know who is responsible for that activity," Ms O'Neil said.
"We have the evidence before us … it's important for the national security of our country that we are transparent and up front about the threats that we face."
In a tweet, Shadow Cyber Security Minister James Paterson said the government needed to get tougher on China.
"While public attribution is a welcome first step, we must do more to deter this malign cyber activity," he wrote.
"Magnitsky cyber sanctions allow Australia to directly penalise those engaged in these attacks on our infrastructure. It's time the Albanese [government] used them."
In 2021 China responded with fury when Australia joined other nations to identify China as responsible for a massive hack of Microsoft Exchange.
