An emergency phone call to Scott Morrison was made on Thursday evening, declaring that Australia was under attack.
Security agency bosses briefed the Prime Minister about the unfolding situation and he in turn alerted state and territory leaders, as well as the Opposition leader Anthony Albanese.
And then Mr Morrison prepared to address the nation.
There were no tanks rumbling in the streets or planes overhead, no troops charging ashore at strategic landing points, nor any formal declaration of war.
Instead, a foreign government had been unleashing digital fury on Australia’s government, its agencies, essential services and infrastructure, and businesses.
“Based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,’’ Mr Morrison said from Parliament House.
“This activity is targeting organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”
While the attacks made much less noise than a bomb, they had the potential to cause just as much mayhem to the country’s national security and stability.
“Modern warfare has changed,” explained Dr Richard Matthews from the University of Adelaide.
“We are unlikely to put boots on the ground. Instead, we send packets online and use other means to cause damage. It’s all part of a wider strategy called ‘Grand Strategy’ or ‘hybrid warfare’.”
Mr Morrison didn’t detail who authorities suspect is responsible for the latest attacks, and wouldn’t be pressed on whether China is the prime suspect in questioning by reporters.
But experts say there’s little doubt Beijing is behind the large-scale effort to damage Australia.
Professor Alana Maurushat is an expert in cybersecurity and behaviour at Western Sydney University believes the timing of these attacks makes that suggestion almost unequivocal.
“Let’s be frank – Australia has recently poked the panda and this is very likely the retaliation,” Professor Maurushat said.
Relations between Canberra and Beijing have deteriorated significantly in recent months, starting with the Prime Minister’s call for an inquiry into the origins of COVID-19.
That prompted a furious response from China – both there and in Australia, via the Embassy – and sparked a series of trade manoeuvres designed to send a clear message.
Chinese Communist Party controlled media outlets were blunt in their assessment of the Commonwealth’s behaviour, with CCP mouthpiece The Global Times launching pointed attacks via a series of editorials.
Striking while most parts of Australia, from government to business, are preoccupied with the coronavirus crisis is also intriguing, Prof Maurushat said.
“This is a tactic as old as time. It comes as no surprise that a sophisticated ‘state-based’ sponsored cyber-warfare unit would be busily using this time to gain intelligence in its adversaries systems.
“And sometimes, cyber intelligence is also gathered within the systems of its allies as well.”
Several foreign governments have strong capabilities when it comes to cyber warfare, with China, Russia, North Korea and Iran blamed for past attacks.
When it comes to this latest attempt, Mr Morrison said advice from security agencies was that “a state-based actor with significant capabilities” was to blame.
“There aren’t that many state-based actors that have those capabilities,” he added.
Tom Uren, the Australian Strategic Policy Institute’s cyber security analyst, said there was no question that China was the perpetrator.
“Of course it is China,” Mr Uren tweeted.
“There are a few countries that have the capability: Russia, China, US, UK, and perhaps Iran and North Korea, although they may not have the scale. Only China in this list will have the appetite for such a broad approach.”
But attributing precise blame is “very hard” because of how the internet is designed, explains Professor Ryan Ko, chair and director of UQ Cyber Security at The University of Queensland.
“An attacker can launch an attack from computers in Country A which in turn control the computers of Countries B and C to target and interact with the victim’s computers in Country D,” Professor Ko said.
“Attributing back to Country A – and the exact individuals involved – is a hard research problem which computer scientists and cybersecurity researchers are constantly trying to solve.”
For its part, China has denied any involvement in the latest attack.
Mr Uren said the fact that last week’s attack targeted telecommunications infrastructure indicated its high-level nature.
He described it as “standard practice for signals intelligence agencies”.
Telstra chief executive officer Andy Penn last week revealed the telco has been targeted repeatedly.
“We have seen a significant increase in cyber-attack activity in recent weeks and we are on heightened alert for ourselves and for our customers, and we are actively managing the risk,” Mr Penn said.
He said defensive security efforts were “critical for our national security and economic growth”.
For the vast majority of people, the threat seems like an abstract concept – it’s hard to see and its consequences are complex and often not obvious.
But experts say the growing frequency and sophistication of cyber attacks warrant urgent attention from everyone.
Professor Craig Valli, director of the ECU Security Research Institute, said cyber attacks are a “persistent pandemic of threat” that’s not going away anytime soon.
“The latest rise in the intensity of attacks further demonstrates the dire need for good cybersecurity hygiene to protect yourself, your family and your business in cyberspace,” Prof Valli said.
Last week, Defence Minister Linda Reynolds said there was “no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact”.
“This activity harms Australia’s national security and also our economic interests,” she said. “It’s vital that all Australian organisations are alert to this threat and take steps to protect their own networks.”
If you have indications that your environment has been compromised, contact the Australian Cyber Security Centre by emailing email@example.com or calling 1300 CYBER1 (1300 292 371)