sb-au logo
Story image

State-based cyber attack targeting Australian government and businesses

Australian Prime Minister Scott Morrison has revealed a malicious and widespread cyber attack is currently underway on businesses and governments in the country.

Morrison told media in a press conference on Friday morning that Australian organisations are being targeted by a 'sophisticated state-based cyber actor'.

"This activity is targeting Australian organisations in a range of sectors, including all levels of government," says Morrison.

Political organisations, education, health, essential service providers and other 'critical infrastructure' were also being targeted by the attack.

Morrison added that the scale and nature of the targeting confirmed its status as a sophisticated state-based cyber actor, as well as the tradecraft used in the attack, which is ongoing.

A report from the Australian Cyber Security Centre (ACSC) states, "The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor."

The ACSC suggests that the attacks are 'copy-paste compromises', which are attacks leveraging proof-of-concept exploit code, web shells, and other tools that are almost identical to open source tools - hence the term 'copy-paste'.

The exploits relate to Telerik UI, Microsoft Internet Information Services, SharePoint, and Citrix. All exploits were publicly disclosed and have patches or fixes available.

The ACSC states, "The actor has shown the capability to quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases. The actor has also shown an aptitude for identifying development, test and orphaned services that are not well known or maintained by victim organisations."

As speculation about who is behind the attacks inevitably comes up, Morrison says the Government is not making any public attribution statements, however, it may be the work of a state-based threat actor.

The attacker has not succeeded in exploiting public-facing infrastructure, however, they have conducted various spearphishing attacks through email tracking, malicious email links, and other links.

The ACSC continues, "During its investigations, the ACSC identified no intent by the actor to carry out any disruptive or destructive activities within victim environments."

Organisations should ensure that patches and mitigations are applied to all internet-facing infrastructure within 48 hours. Organisations should also update operating systems and software, and use multi-factor authentication across email applications, collaboration platforms, virtual private networks (VPNs), and remote desktop services.

"We know what is going on. We are on it, but it is a day-to-day task," concludes Morrison.

 

Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Download image
Equinix study: Firms turn to NFV to support distributed networks
Decision-makers looking for a solution that virtualises a wide range of network functions should evaluate NFV, study finds.More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More