Australia Under Cyberattack From State-sponsored Actors

Australian agencies under attack

• In June, a large number of political as well as private sector organizations in Australia were targeted by a sophisticated state-based cyber actor, suspected to be from China, Russia, Iran, or North Korea.
• The adversaries targeted the organizations from various sectors, including government (regional as well as national), political parties, healthcare, education, essential service providers, and other critical infrastructure operators.
• Adversaries used a large number of initial access vectors, referred to as 'Copy-paste compromises', as they were mostly derived from proof-of-concept exploit code, web shells, and other open-source tools. Primarily, they exploited vulnerabilities in Telerik UI, Microsoft IIS, SharePoint, and Citrix. Spearphishing attacks were used as a secondary attack vector.

Australian government agencies on target

• In the past few months, there have been several attacks on various government agencies in Australia, indicating the interests of the hackers.
• In May 2020, Service NSW, the statutory agency within the Department of Customer Service in Australia, witnessed a cyberattack, resulting in a leak of email accounts of almost 50 NSW government employees.
• In March 2020, personal details of tens of thousands of Australian Defence Force (ADF) members were believed to be compromised due to the leak of a highly sensitive database. The hackers exploited a vulnerability in Citrix to access the Defence Force Recruiting Network (DFRN) data.

Security tips