A cyber expert has warned that China could be using sophisticated cyber malware to infiltrate critical systems in Australia and shut them down in the event of a war. 

Australia joined Five Eyes partners in outing China as being behind a cluster of cyber attacks targeting critical infrastructure in the United States. 

The advisory said Beijing had backed Volt Typhoon to target the infrastructure, with the state-sponsored hackers typically focusing on espionage and information gathering.

The sophisticated malware that was found sits deep within systems and can be used to steal information, learn more about the critical infrastructure, and cause harm to them in the future.

Alastair MacGibbon, the chief strategy officer for cyber security company CyberCX, said it was important to establish China’s intent when naming it as being behind cyber attacks or espionage.

The former chair of the Australian Cyber Security Centre said the advisory note didn’t place China on a war path, but highlighted how these techniques could be used should a conflict occur.

“This is low and slow,” Mr MacGibbon told AAP.

“This highlights that not all cyber attackers wear hi-vis and carry a sledgehammer – some wear camouflage and have a sniper rifle.”

He said while it wasn’t rare for nations to employ techniques such as this in a contested strategic environment, it was unusual that they are found.

“China doesn’t have stealth bombers and hypersonic missiles for the sake of having stealth bombers and hypersonic missiles, neither does the US,” Mr MacGibbon said.

“They have them for a purpose.” 

Microsoft uncovered “stealthy and targeted malicious activity” focusing on access credentials, and said it assessed “with moderate confidence” that the campaign by Volt Typhoon was pursuing the ability to shut down critical communications infrastructure between the US and Asia.

Mr MacGibbon said Australian businesses needed to use the advisory to protect themselves and run threat assessments on their infrastructure.

“Why did the government call it out? The only possible explanation is it believes it is occurring now or could occur in Australia,” he said.  

“They’re using this as a wake-up call to critical infrastructure, most of which is owned by the private sector.”

Home Affairs Minister Clare O’Neil said the Australian government would not be shy in outing cyber attackers when it knew who was responsible.

“We have the evidence before us,” she told ABC Radio on Thursday. 

“It’s important for the national security of our country that we’re transparent and up-front with Australians about the threats that we face.”

Ms O’Neil said the government would not compromise on national security as it tries to repair relations with Beijing. 

The coalition has welcomed the public attribution, saying it is “particularly egregious” to target civilian infrastructure.

Opposition home affairs spokesman James Paterson said if it was happening in the US, it was almost certainly happening in Australia. 

He called for the government to sanction individuals who engage in cyber attacks against the nation.

“This government has to get on the front foot and be proactive about the risks,” Senator Paterson said. 

The joint advisory by the five nations said “living off the land” was the primary tactic used by Beijing-backed cyber attackers.

The technique allows hackers to evade detection by blending in with the normal Windows operating systems and network to perform malicious actions. 

By Dominic Giannini, in Canberra