Espionage attacks on government agencies are usually carried out to steal critical and sensitive data, and thus gain a political advantage. The Australian government has been facing a wave of cyber espionage attacks for the past several months.
Australian agencies under attack
Australian Prime Minister Scott Morrison recently talked about cyberattacks carried out by nation-state hackers, targeting several Australian agencies.
- In June, a large number of political as well as private sector organizations in Australia were targeted by a sophisticated state-based cyber actor, suspected to be from China, Russia, Iran, or North Korea.
- The adversaries targeted the organizations from various sectors, including government (regional as well as national), political parties, healthcare, education, essential service providers, and other critical infrastructure operators.
- The adversaries used a large number of initial access vectors, referred to as 'Copy-paste compromises' because they were mostly derived from proof-of-concept exploit code, web shells, and other open-source tools. Primarily, they exploited vulnerabilities in Telerik UI, Microsoft IIS, SharePoint, and Citrix. Spearphishing was used as a secondary attack vector.
Australian government agencies on target
- In the past few months, there have been several attacks on various government agencies in Australia, indicating the hackers' interest in such targets.
- In May 2020, Service NSW, the statutory agency within the Department of Customer Service in Australia, suffered a cyberattack that resulted in a leak of the email accounts of almost 50 NSW government employees.
- In March 2020, personal details of tens of thousands of Australian Defence Force (ADF) members were believed to be compromised due to the leak of a highly sensitive database. The hackers exploited a vulnerability in Citrix to access the Defence Force Recruiting Network (DFRN) data.
Organizations should proactively detect and counter cyberattacks by collecting intelligence on advanced threat actors and their attack TTPs. It is also advisable to regularly evaluate the network for malicious activity and weaknesses, so that risks are found and mitigated early.
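The advice to regularly evaluate the network for malicious activity can be made concrete with a log check that targets one of the techniques named above: web shells dropped onto an IIS server. The Python below is an added example, not code from the article or from any of the agencies it describes. It parses constructed IIS W3C log lines and flags requests to server-side scripts that are not on the application's allowlist or that sit under an upload directory. The field header, the allowlist (KNOWN_SCRIPTS), the path hints and every log line are assumptions constructed for the example.

```python
"""Flag possible web-shell activity in IIS W3C logs (added example, not from the article).

Assumptions (not from the article): the application's legitimate server-side script
paths are known (KNOWN_SCRIPTS), and requests to any other script, especially one
under an upload directory, deserve an analyst's attention.
"""
from collections import defaultdict

SCRIPT_EXTENSIONS = (".aspx", ".ashx", ".asmx", ".asp")
# Constructed hints for directories that are typically writable by the web app.
UPLOAD_PATH_HINTS = ("/uploads/", "/upload/", "/temp/", "/images/")
# Hypothetical allowlist of the application's own script paths (constructed).
KNOWN_SCRIPTS = {"/index.aspx", "/about.aspx", "/login.aspx"}

# Constructed sample log (not real data). The field order comes from the
# "#Fields:" header line; IIS writes spaces inside values as '+'.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2020-06-01 09:00:01 10.0.0.5 GET /index.aspx - 203.0.113.7 Mozilla/5.0 200
2020-06-01 09:00:03 10.0.0.5 POST /login.aspx - 203.0.113.7 Mozilla/5.0 302
2020-06-01 09:00:05 10.0.0.5 GET /uploads/images/logo.png - 203.0.113.8 Mozilla/5.0 200
2020-06-01 09:00:09 10.0.0.5 POST /uploads/images/helper.aspx - 198.51.100.9 python-requests/2.23 200
2020-06-01 09:00:12 10.0.0.5 POST /uploads/images/helper.aspx - 198.51.100.9 python-requests/2.23 200
2020-06-01 09:01:30 10.0.0.5 GET /about.aspx - 203.0.113.8 Mozilla/5.0 200
2020-06-01 09:02:00 10.0.0.5 GET
"""


def parse_w3c(text):
    """Yield one dict per request line, naming columns from the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        yield dict(zip(fields, values))


def find_suspects(text, known_scripts=KNOWN_SCRIPTS):
    """Return sorted (client_ip, path, hit_count, reasons) for suspicious script requests."""
    hits = defaultdict(int)
    reasons = {}
    for rec in parse_w3c(text):
        path = rec["cs-uri-stem"].lower()
        if not path.endswith(SCRIPT_EXTENSIONS):
            continue  # static content is out of scope for this check
        why = []
        if path not in known_scripts:
            why.append("script not in application allowlist")
        if any(hint in path for hint in UPLOAD_PATH_HINTS):
            why.append("script under upload/writable path")
        if rec["cs-method"].upper() == "POST" and path not in known_scripts:
            why.append("POST to unknown script")
        if not why:
            continue
        key = (rec["c-ip"], path)
        hits[key] += 1
        reasons[key] = why
    return sorted((ip, p, n, reasons[(ip, p)]) for (ip, p), n in hits.items())


if __name__ == "__main__":
    for ip, path, count, why in find_suspects(SAMPLE_LOG):
        print(f"{ip} -> {path} x{count}: {'; '.join(why)}")
```

The allowlist is the part that has to be maintained: a freshly deployed legitimate page will be flagged until it is added, which is the intended trade-off, since a script that nobody deployed is exactly what a web shell looks like in the logs.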