Prime Minister Scott Morrison told lawmakers that investigators looking into a hack of parliament computer systems revealed two weeks ago “also became aware that the networks of some political parties” had been breached.
“Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity,” he said.
Australian security agencies said they did not know who was behind the attack or their motives.
It is not yet clear what, if any, material was stolen during the hacks, how long the perpetrators went undetected, or whether it could open some political figures up for blackmail.
Earlier this month, Australia reported a “security incident on the parliamentary computing network”.
That forced users — including the prime minister and the cabinet — to change passwords and take other security measures.
Experts warn that attribution is time-consuming and difficult.
“I think it’s definitely too early to say,” said Fergus Hanson, a cybersecurity expert at the Australian Strategic Policy Institute.
He added, however, that there were only “one or two actors” capable of carrying out such an attack.
Hanson said he would put China “at the top” of the list of possible suspects, but “wouldn’t rule out” Russia’s involvement.
Beijing and Canberra have sparred over access to natural resources, maritime claims and the use of Chinese state-backed technology companies.
Relations have recently been frayed over Australia’s decision to ban Huawei from the country’s 5G network amid national security concerns and the expulsion of Huang Xian, a connected billionaire who doled out millions in Australian political donations.
Australians are expected to go to the polls mid-May, raising the spectre that hackers could be trying to influence the outcome of the vote, or change the tenor of the debate.
Both Russia and China have used cyber operations in a bid to influence democratic votes.
Beijing’s spies are accused of targeting Taiwanese officials before the election there last year.
Dozens of Russians have been indicted for trying to tilt the 2016 US presidential election, and alleged Russian involvement in Britain’s referendum on leaving the European Union in the same year has been well documented. Moscow has denied the accusations.
As part of the Five Eyes intelligence network — which also includes Britain, Canada, New Zealand and the United States — Australia is a particularly rich target for foreign interests.
“Our political institutions represent high-value targets. But we have resilient systems in place to detect compromises and remediate them,” said Alastair MacGibbon, head of the Australian Cyber Security Centre.
Five Eyes membership also gives Australia access to a host of signals and human intelligence to back up any suspicions of state hacking.
MacGibbon said the hackers were sophisticated enough to get into the network, but “not sophisticated enough to remain undetected”.
His organisation has already briefed electoral commissions across the country and could be deployed to provide technical support to those affected.
He said it was unclear whether the attackers gained access to sensitive data or emails.
“We don’t know. These are very early days,” he said. “We genuinely do not know.”
Morrison insisted, however, “there is no evidence of any electoral interference”.
“We have put in place a number of measures to ensure the integrity of our electoral system.”