China has hit back at "groundless" claims it hired criminal contractors to undertake a devastating cyber attack against Microsoft, instead pointing the finger at Australia's own "poor record".
Australia and a coalition of western nations earlier banded together to name and shame China for an attack on tech giant Microsoft earlier this year, warning it has opened the door for cyber criminals around the world.
The joint statement from governments, including Australia, the United States, European Union, Japan and the United Kingdom, condemned the actions of China's Ministry of State Security for their involvement in a cyber attack on the US company's email software, which it claimed undermined international stability and security.
The Chinese Embassy in Australia rejected the accusations, adding it firmly opposed cyber attacks and cyber theft in all forms in a statement released on Tuesday.
"It is well known that the US has engaged in unscrupulous, massive and indiscriminate eavesdropping on many countries including its allies. It is the world champion of malicious cyber attacks," a spokesperson for the embassy said.
"Australia also has a poor record, including monitoring the mobile phone of the president of its biggest neighbour country, not to mention acting as an accomplice for the US' eavesdropping activities under the framework of Five Eyes alliance.
"What the Australian government has done is extremely hypocritical, like a thief crying 'stop the thief'."
The public attribution marked a first in recent times with Australia publicly calling out China for its involvement in the attack.
National Security College senior public policy advisor William Stoltz said the significant announcement marked a change in the international response to China's malicious behaviour.
With the backing of other countries, Australia also felt it could take a stronger stance to the country's cyber aggression, he said.
"The ball's in China's court and it really invites China to respond in a certain way," Dr Stoltz said.
"It's signalling to China if you want to continue along this disruptive, coercive path, you're going to continue to get a firmer response from a block of Western countries."
Home Affairs Minister Karen Andrews said China needed to be called out in this instance given the disruption the attack caused and the "high level of confidence" the coalition held over who was behind it.
The January attack on Microsoft Exchange affected businesses and organisations, rather than individuals, she said.
But independent senator Rex Patrick said the government needed to do more than just publicly call out the country for its malicious activity.
"China won't wind back hacking until the [Chinese Communist Party] cops real penalties," he said on Twitter.
"Complaints without sanctions won't change China's militant behaviour."
China's public attribution as the actor behind the attack was enough of a penalty, the Home Affairs Minister said.
"They won't get away with it scot-free," Ms Andrews said on Tuesday.
"They have many nations that have come out and publicly attributed this attack to them. So, there is significant reputational damage to China.
"They have been called out, and we will continue to call out, not only China, but other nations, if they do launch and undertake significant attacks here on Australians and Australian businesses."
The allegations levelled at the Chinese government claim the Ministry of State Security hired criminal hackers to undertake the exploits.
Dr Stoltz said it's possible the attack wasn't a central effort by the Chinese government but rogue actors within certain departments or teams of the large entity.
The ramifications remained just as disastrous regardless, he said.
"By China allowing the criminal actors to behave in this way and be contracted by a state is really inviting quite a lot of chaos into the cyber domain writ large," Dr Stoltz said.
"This has been pretty disruptive in the sense that it's thrown out an exploit into the wild that has allowed criminals to use for profit and then other countries, particularly countries like North Korea, have also exploited these types of things for their own profit as a way to get around sanctions.
"I think long term, they probably weren't really thinking about those consequences.
"It's a pretty irresponsible thing for them to be doing."
An editorial in Global Times - a paper controlled by the Chinese government - hit back at the claims, calling it a "huge lie".
"Cyber attacks have happened in almost all countries and China has suffered more damage than the US," the editorial said.
"The US, the global top technology centre, has blatantly set up cyber troops, but loudly accuses other countries of launching cyber attacks. How ridiculous!"
Dr Stoltz said China's broader response to Australia's involvement was anyone's guess. Previous examples indicated it would take a horizontal approach, focusing on other areas that could hurt the country such as trade tariffs.
"You know there's always the possibility that China will just decide to give us the middle finger and continue to perform these types of things online," he said.
"The Chinese approach typically is usually what we call horizontal escalation so they'll typically respond in a different area.
"They might respond in the context of trade, but potentially even in in the context of maritime [aggression].
"Whether they respond targetedly to Australia, or collectively to all those countries, it's kind of up in the air."
The Australian government and its intelligence agencies have been hesitant to name countries in previous attacks against institutions and organisations within the country.
A sophisticated cyber attack against Australian National University first came to light in May 2019 after vice-chancellor Brian Schmidt told staff and students in an email.
Data breached in the hack exposed the personal details of students and staff but the perpetrators were never named.
Head of Australia's domestic spy agency Mike Burgess said the country behind the 2018 attack was known but would not be publicly revealed.
"I do know who was behind it but I would not say that publicly," Mr Burgess said in March this year.
"There's not just one country that we should be concerned about ... one country in particular is highly active but they're not alone in that endeavour."
Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content: