China Bombarding Australia with Cyber Attacks, Targeting Work-from-Home Employees
Australians working from home are facing a new cyber threat as Chinese state-backed hackers ramp up digital attacks targeting personal devices to infiltrate corporate systems, a new government report has revealed.
Cyber Attacks on the Rise
The Australian Signals Directorate (ASD) released its latest Annual Cyber Threat Report, exposing a sharp 11% rise in cyber incidents in the past year — totalling more than 1,200 security breaches.
According to the ASD, Chinese state-sponsored hacking groups, particularly the notorious APT40, are behind much of this activity. These groups have been “routinely hunting Australian government networks” in search of confidential information on defence, strategy, and policy.
But what’s most concerning is their new focus on remote employees. By compromising home routers and internet-connected devices, hackers are building global “botnets” — massive networks of hijacked systems used to spread spyware and launch further attacks.
‘Living Off the Land’ Attacks
The report explains that cybercriminals are increasingly using a stealthy method called “Living Off the Land” (LOTL), in which they use tools already built into the target system instead of bringing in external malware.
This makes detection extremely difficult, as the activity appears legitimate.
Defenders must now “think like the attacker,” studying system behaviour rather than relying solely on antivirus or intrusion detection software.
APT40’s sophisticated operations pose a serious security threat to both government and critical infrastructure sectors. The ASD and its global partners have since published detailed intelligence on the group’s methods to help organizations recognize and prevent future breaches.
Government Warning
Defence Minister Richard Marles described the current digital landscape as “an increasingly challenging threat environment,” stressing that cyber-enabled espionage is now a real and growing danger to Australia’s essential services.
“The report makes clear that malicious actors have been working unseen to steal data and demand ransom payments from Australian victims, or to target our most critical networks for disruptive attacks,” he said.
Impact on Businesses
Every major industry is now at risk, with the healthcare sector hit particularly hard.
Ransomware incidents doubled in 2024–25, and attackers succeeded in 95% of healthcare-related breaches investigated by the ASD.
The financial toll is staggering:
Small businesses: an average of $56,600 per attack (+14%)
Medium businesses: $97,200 per incident (+55%)
Large enterprises: $202,700 (+219%)
The ASD urges all businesses to “assume compromise” — meaning companies should act as if their systems are already breached and focus protection on their most valuable data.
High-Profile Cases
The growing cyber crisis hit headlines after a major Qantas data breach in July, where hackers leaked personal details of thousands of passengers online.
While financial and passport data remained secure, sensitive information such as names, addresses, contact details, and frequent flyer points was exposed.
The airline is now working with the ASD, Australian Cyber Security Centre, and AFP to investigate the incident.
Protecting the Digital Frontline
The rise of remote work has expanded Australia’s digital attack surface.
Experts warn that home devices are now gateways for large-scale breaches, urging Australians to secure routers, enable multi-factor authentication, and keep systems updated.
As cyber threats evolve, one message from the ASD remains clear — digital vigilance starts at home.