Teams of “aggressive and experienced” spies are actively targeting Australians, the director of the Australian Security Intelligence Organisation (ASIO) has warned in revealing that stalking, terrorism threats and cyber security risks to Australian infrastructure are “real… now… and deeper and broader than you might think.”

After years in which the risk of sabotage had attenuated, ASIO director-general of security Mike Burgess said while delivering his latest annual Threat Assessment speech, the agency has recently noted the “re-emergence” of sabotage threats against critical infrastructure – most prominently through the “immediate, low cost and potentially high impact vector” of cyber security compromise.

One nation state, he said, is already known to be scanning Australia’s water, transport, and energy networks for potential vulnerabilities – a nod to Chinese government-backed hacking group Volt Typhoon, which was recently called out by US, UK, New Zealand, and Canadian authorities for its ongoing penetration of critical infrastructure around the world.

While the overall threat of extremist terrorism has receded somewhat, a recent uptick in grandstanding by “nationalist and racist violent extremists”, Burgess said, has left ASIO currently investigating a number of individuals and left the agency “concerned about a long actor moving from talk to action without warning.”

“There is,” he said, “the realistic possibility of a terrorist attack or attack planning in the next 12 months.”

The warning comes amidst near constant warnings about the dangers of scams, identity theft, deepfakes and ransomware to individuals and businesses – but with ASIO’s agents continuing to track foreign cyber spies out of the spotlight, Burgess said that many Australians are unaware that perceived “high value targets” within the Australian community are being actively stalked in the real world and on social media.

“Right now, there is a particular team in a particular foreign intelligence service with a particular focus on Australia,” he said, adding that the “aggressive and experienced” team – which has been christened by ASIO as the A-team, for ‘Australia team’ – is actively trawling professional networking sites “looking for Australians with access to privileged information”.

Once targets are identified, the foreign agents approach them using “false, anglicised personas” with names like Sophy, Amy, Ben, and Eric and purporting to be consultants, headhunters, local government officials, and think tank researchers “claiming to be from fictional companies such as Data 31.”

They often offer consulting opportunities and promise to pay recipients thousands for detailed reports about Australian interests – eventually trying to move the conversation to an encrypted messaging app or even an overseas trip to meet in person.

“This form of espionage is low-cost, low-risk, low-effort – and can be conducted at scale,” he said. “Hundreds of friend requests can be sent each day.”

Many Australians were playing into the foreign agents’ hands by advertising their privileged access on social networking sites – including 14,000 Australians who are “publicly boasting” that they work in intelligence or have a security clearance.

“There are plenty of cases where individuals involved in important defence projects use professional networking sites to identify the team they are working in, the program they are working on and the critical technologies they are working with,” Burgess said.

“I appreciate that people need to market themselves but please be smart and be discreet; don’t make yourselves an easy target.”

Fighting fire with fire

Burgess’ comments come as new research by security firm Infoblox reveals that a Russian group of fraudsters it has dubbed ‘Savvy Seahorse’ has been targeting Australians with Facebook ads, backed by what the firm calls a “traffic distribution system” and a network of ChatGPT and WhatsApp bots designed to ensnare victims into purportedly investing in the likes of Tesla and Meta.

Similarly direct approaches are being used to manipulate Australians into sharing details about Australia’s political, scientific, defence, and other industries – with foreign agents proving so good at their activities that ASIO recently had to intervene after A-team members successfully won the ears of Australian academics and political figures.

One “aspiring politician” provided concerning detail about the dynamics inside his party, while another academic began providing information about Australia’s national security and defence priorities.

ASIO intervened, finding that many victims had no idea they had been recruited – but that others were well aware they were feeding information to foreign agents.

“Several individuals should be grateful the espionage and foreign interference laws are not retrospective,” Burgess said, “[but] you cannot rely on ASIO stopping every attempt.”

Burgess declassified the cases both to help Australians “understand what the threat looks like”, “to shine a disinfecting light on the tactics our adversaries use,” and because “we want the A-team to know its cover is blown.”

ASIO’s disruption of foreign espionage campaigns has ramped up dramatically in recent years, with the Counter Foreign Interference Taskforce conducting over 120 operations since mid 2020 and successful disruptions of foreign interference campaigns increasing by 265 per cent.

Chillingly, this included situations in which foreign agents were caught shopping around to find someone who would “take severe action” against an Australia-based dissident, and another who tried to hire someone to make a different dissident “disappear”.

“Terrorists and spies don’t do business as usual,” he continued. “There are constant shifts in threat, intent, tactics, capabilities and technologies.

“And while Australia’s terrorist threats have reduced in scale, they have increased in complexity.”