Go to top of page

Key Activity 3: Offensive cyber operations

Performance Criterion: ASD’s offensive cyber operations deliver real-world impact, including providing advantage to military operations.

2020-21 Result: Achieved.

ASD uses its offensive cyber capability against a range of adversaries to protect Australians and Australia’s national interests. Offensive cyber operations involve a broad range of offshore activities designed to deter, disrupt, degrade and deny adversaries in support of Government national security priorities. ASD’s performance against this criterion is based on qualitative assessments of operational outcomes.

Key Performance Indicator 5

ASD’s offensive cyber operations provide effective and timely support for military operations in accordance with Australian Defence Force priorities and requirements.

Throughout 2020–21, ASD has continued to provide offensive cyber operations in support of Headquarters Joint Operations Command’s key operational requirements. This includes future enhancements of ASD’s cyber capability to support military preparedness.

Key Performance Indicator 6

ASD’s offensive cyber operations provide effective measures to counter offshore cyber threats targeting Australians and Australia, consistent with whole-of-government security priorities and requirements.

Throughout 2020–21, ASD continued to pivot its offensive cyber capabilities to address emerging threats presented by foreign cybercriminals’ malicious activities related to COVID-19. Operations focused on disabling online infrastructure used by the foreign cybercriminals and disrupting their exploitation capabilities.

Case Study 5: Website takedowns

On 25 January 2021, an Australian government department reported an ongoing short messaging service (SMS) phishing campaign targeting members of the Australian public. The campaign employed a website link in the SMS message to direct recipients to a credential and personally identifiable information harvesting page that impersonated the department. ASD provided assistance to the department to remediate the threat. This incident highlights the ongoing exploitation by malicious actors to leverage local and global events, including the coronavirus pandemic, to increase the likelihood of individuals clicking malicious links.

Reported financial losses due to cybercrime reported in Australia totalled more than $33 billion (AUD) in 2020–21 with one of the more common attack vectors being fraud, which includes directing victims to fake websites. As a result, ASD has enhanced its capability to respond at speed and scale to websites facilitating malicious activity online. Since the commencement of the current takedown service in March 2021, ASD has removed more than 7,700 websites or services from the internet that were hosting cybercrime activity related to the coronavirus pandemic.