Divine mandate: Chinese-linked cyber activity is the most common form of hybrid threat facing Australia

By: David Hollingworth

Cyber attacks were the most common form of hybrid threat faced by Australia in the last decade, but economic coercion and foreign interference are not far behind.

Australia is in an enviable position of having rarely come under military attack. There have been exceptions, of course, during World War II, when Japan launched air and seaborne raids on places like Darwin, Newcastle and Sydney.

But largely, distance and geography serve to keep us quite physically secure, at least in a kinetic sense.

However, when it comes to hybrid threats, the last 10 years have seen almost 80 instances of campaigns aimed at causing harm or coercion in some form.

Analysts at the Australian Strategic Policy Institute (ASPI) have been tracking hybrid threats against Australia since March 2016, and between then and February 2025, have tracked 74 discrete activities targeting the country.

Given the growing state of digital connectivity across the globe, cyber security incidents and attacks make up approximately 35 per cent of all hybrid activity. Both private and public sector companies, as well as critical infrastructure entities, have been targeted by largely PRC-backed hackers, such as Naikon, APT40, APT27 and Aoqin Dragon.

“The ASPI research into hybrid threats underscores a key trend observation that we have always expected would occur: nation-state aligned threat actors are prioritising cyber security as the foremost battleground in today’s modern, digital world. Whether it is cyber espionage or targeting critical infrastructure for sabotage, this type of conflict is no longer relegated to complex stories found in television and movies,” Satnam Narang, senior staff research engineer at Tenable, told Defence Connect.

Economic coercion, foreign interference, and narrative and disinformation campaigns each make up about 20–25 per cent of targeted activity, and here again, China is highly active. China is thought to have engaged in efforts to sway debate towards far-right sources during the Voice to Parliament campaign, and its extensive Spamouflage network of fake social media accounts targeted an Australian rare earth mining company in recent years as well.

Journalists and members of the Chinese diaspora in Australia have also been targeted by Chinese influence and harassment campaigns.

China’s efforts to impact the Australian economy include tariffs and bans on Australian produce, trade restrictions and even consumer boycotts.

“Tariffs are an established tool of trade policy used to protect domestic industries, address trade imbalances or pursue national economic goals,” ASPI said in a 7 May blog post.

“But economic coercion involves actions that go beyond standard trade policy, including engaging in targeted boycotts, blocking access to essential resources, and imposing sanctions with the explicit goal of forcing political concessions.”

Military and paramilitary coercion only makes up about 15 per cent of hybrid activity, but as ASPI noted, such activity has increased in the last few years, and, again, China is the main culprit. Only recently, we have had the example of a Chinese naval flotilla performing firing drills in the Tasman Sea and aerial encounters between Chinese and Australian military aircraft in the South China Sea – all in February 2025 alone.

“Although overt military coercion remains relatively rare compared to other forms of intimidation, these hybrid threat activities increase the potential for serious escalation,” ASPI said.

Of course, while China is responsible for the bulk of hybrid activity targeting Australia, it is not alone. China is responsible for 69 per cent of such activity, with Russia the next most active nation at 11 per cent of activity, trailed closely by Iran, which makes up fully 10 per cent of hybrid threat activity.

Other nations make up 4 per cent of activity, unidentified hackers are responsible for 5 per cent, and ideologically motivated violent extremism accounts for 1 per cent.

“On a global scale, we see that nation-state aligned threat actors with ties to China, Iran and Russia are the biggest aggressors. That said, there are other niche threat actors participating in cyber conflicts in other parts of the world, such as SideCopy, a suspected Pakistani threat actor, and Sidewinder, a suspected Indian threat actor.”

Narang noted that cyber warfare does not necessarily need to be information-driven – sometimes it’s about making money in order to fund continuing operations.

“For instance, Fox Kitten, one of the threat actors named in the ASPI report, has been functioning as an initial access broker, a type of cyber criminal that is able to gain access to a network,” Narang said of the Iranian hacker.

“Based on reporting, Fox Kitten targets internet-facing assets vulnerable to known exploits in order to gain access. Typically, initial access brokers sell to the highest bidder. However, Fox Kitten has been observed working with ransomware affiliates, who deploy ransomware, either sharing a piece of the ransom demand or purchasing the access outright.

“These financially motivated attacks are one way these nation-state aligned threat actors are able to fund their operations, which showcases how these groups are able to pivot their operations to pay for further development of malicious software or to procure zero-day vulnerabilities on the dark web that can be used for future espionage-related activity.”
