ASD
Australian Signals Directorate; Australia's SIGINT and cyber agency, co-signed the 16-agency China-nexus advisory.
Last refreshed: 30 April 2026
What does Australia's ASD know about Chinese botnets that Europe doesn't?
Timeline for ASD
Mentioned in: Norway joins the Salt Typhoon victim list
Cybersecurity: Threats and DefencesSixteen agencies put IOC extinction in print
Cybersecurity: Threats and Defences- What is Australia's ASD and what does it do?
- The Australian Signals Directorate (ASD), founded in 1947, is Australia's foreign signals intelligence and cybersecurity agency. It collects SIGINT across South and East Asia and protects Australian government systems. Its public cybersecurity Arm, the ACSC, shares threat intelligence with Australian businesses.Source: ASD / Wikipedia
- What is the ASD Essential Eight framework?
- The Essential Eight is ASD's maturity model for baseline enterprise cybersecurity controls, covering patching, application controls, multi-factor authentication, and related practices. It is mandatory for Australian government agencies and widely referenced in allied Five Eyes guidance.Source: ASD / ACSC
- Why did Australia join the sixteen-agency advisory on China's botnets?
- ASD's geographic REMIT spans the South and East Asia theatres where Chinese state-sponsored actors predominantly operate, giving it unique Pacific-facing SIGINT on Flax Typhoon and Volt Typhoon networks. Australia's ACSC had previously issued separate advisories on Volt Typhoon pre-positioning in Australian critical infrastructure.Source: ASD / 16-agency advisory
Background
The Australian Signals Directorate (ASD) is Australia's foreign signals intelligence and cybersecurity agency, established on 12 November 1947 as the Defence Signals Bureau within the Department of Defence. Headquartered at Russell Offices, Canberra, ASD operates as a statutory agency under the Intelligence Services Act 2001 with a 2025-26 budget of $2.48 billion. Its motto — 'Reveal their secrets, protect our own' — captures its twin mandate: collecting signals intelligence across South and East Asia, and protecting Australian government and critical-infrastructure information systems.
ASD's public cybersecurity programme is anchored by the Australian Cyber Security Centre (ACSC), which operates as a subordinate entity and serves as the national hub for cyber threat intelligence sharing with Australian businesses and state governments. The Essential Eight maturity model, ASD's framework for baseline enterprise security controls, has become a de facto standard for Australian government procurement and is referenced in NZ, UK, and Canadian guidance. Director-General since September 2024 is Abigail Bradshaw.
ASD is a full member of the Five Eyes UKUSA intelligence-sharing agreement. Across Lowdown topics, it is a key actor in Indo-Pacific geopolitics (AUKUS cyber-sharing arrangements in drones-industry-defence) and in China-nexus threat tracking across multiple topics.
ASD was a signatory of the sixteen-agency joint advisory on China-nexus covert networks published 23 April 2026, the most coordinated public attribution gesture of 2026. The advisory named Flax Typhoon and Integrity Technology Group as operators of the Raptor Train botnet and the KV Botnet used by Volt Typhoon — threat clusters ASD has tracked through its Pacific-facing SIGINT collection. Australia's participation is significant because ASD's geographic REMIT spans the South and East Asian theatres where Chinese state-sponsored actors predominantly operate; its signature adds Pacific-theatre intelligence weight to the otherwise Atlantic-anchored advisory Coalition. ASD's ACSC had previously issued separate advisories on Volt Typhoon pre-positioning in Australian critical infrastructure, consistent with the FBI's Salt Typhoon disclosure.
