ASIO reveals state-backed sabotage plot against Australian infrastructure

Australia’s Security and Intelligence Organisation (ASIO) has exposed a sophisticated cyber intrusion by nation-state actors targeting the country’s critical infrastructure, revealing plans to disable systems at a time of the attackers’ choosing. The operation, attributed to a foreign government, involved deep network infiltration and credential theft, including those of IT professionals responsible for securing the infrastructure provider’s systems. ASIO’s intervention prevented immediate sabotage but remediation efforts remain ongoing as of June 2026, underscoring the persistent nature of such threats.

What happened

ASIO Director General Mike Burgess revealed in the agency’s annual threat assessment that hackers backed by a foreign state had compromised the network of an Australian critical infrastructure provider. The attackers did not deploy immediate destructive payloads—what Burgess described as "digital dynamite"—but instead focused on mapping the network and maintaining persistent access. Their goal, according to ASIO’s assessment, was to retain the ability to cripple the infrastructure at a future, strategically advantageous moment.

The breach extended beyond initial access. The hackers successfully obtained login credentials for active network users, including IT personnel tasked with defending the system. Burgess emphasized the scale of the threat, noting that Australia is not the sole target. "We struggle to find a single country in our region that has not been compromised by this state’s cyber apparatus," he stated, highlighting the regional scope of the campaign.

ASIO’s response included tracking and attributing the attack, collaborating with the affected company, and initiating remediation efforts. Burgess also announced the formation of dedicated teams within ASIO to counter cyber sabotage, reflecting the growing priority of such threats.

Espionage and counterintelligence

In a separate incident, ASIO disrupted a foreign espionage operation targeting Australia’s military and the AUKUS defense pact. A spy from a foreign intelligence service approached an Australian security clearance holder online, posing as a consultant. The spy paid the official to produce reports on Australia’s relationships with Pacific neighbors, later requesting classified information about AUKUS. The official, growing suspicious, reported the approach to ASIO, which then conducted interviews to gather intelligence on the foreign service’s methods and knowledge gaps.

ASIO escalated the disruption by contacting the spy directly. Using the official’s phone, ASIO officers called the spy in her home country, identifying themselves and demanding an end to the operation. Burgess revealed that ASIO later informed the foreign intelligence service’s leadership about the failed operation, suggesting that the spy may not have reported the incident internally.

Broader threat landscape

Burgess also addressed the evolving nature of terrorism and radicalization in Australia. He noted a shift toward faster, online-driven radicalization, often involving minors and low-capability attacks with minimal warning. Since the December 2025 terrorist attack at Sydney’s Bondi Beach, ASIO has resolved 14 "significant terror-related cases" and disrupted 31 major terrorism plots since 2014. The agency is increasingly adopting artificial intelligence and other advanced tools to navigate this complex security environment.

Why it matters

The disclosure underscores the escalating cyber threats facing critical infrastructure globally. Unlike traditional cyber espionage, which focuses on data theft, this operation aimed to enable future sabotage, aligning with broader trends of state-backed actors preparing for kinetic cyber effects. The incident also highlights the intersection of cyber and traditional espionage, as demonstrated by the AUKUS-related operation. For Australia and its allies, the revelations reinforce the need for coordinated defense strategies, particularly in sectors reliant on interconnected digital systems.