Australia
PM reveals major cyber attack, but won’t name source
Australian governments and industry are being targeted by a major cyber attack that is putting pressure on critical infrastructure and public services, with China understood to be a likely source of the threat.
Prime Minister Scott Morrison revealed the ‘‘malicious’’ attack yesterday morning after briefing state premiers as well as Labor leader Anthony Albanese on the threat showing a level of sophistication that could only come from a state-based actor.
‘‘Based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,’’ Morrison said. ‘‘This act is targeting Australian organisations across a range of sectors including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.’’
Asked whether the attack came from China, Morrison did not name the foreign state but emphasised the level of sophistication of the intrusion.
‘‘What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the action of a state-based actor with significant capabilities,’’ he said.
Morrison raised the attack with British Prime Minister Boris Johnson on Thursday night and also sought cooperation from Australia’s Five Eyes intelligence partners, the United States, Canada, New Zealand as well as the UK.
Others who were aware of the attack named China as a likely source. Government sources say the attack bore many similarities to a cyber attack on Parliament House’s computer system in February 2019, which security agencies attributed to China.
The Australian Signals Directorate said it was aware of the ‘‘sustained targeting of Australian governments and companies by a sophisticated state-based actor’’.
It said links to fake websites designed to steal users’ details, links to malicious files, and use of email tracking services to identify when users were opening emails were being used by the sophisticated actor.
‘‘The actor has been identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure,’’ the intelligence organisation said.
The Australian Cyber Security Centre was working with the organisations subject to the malicious cyber attack.
The ACSC named ‘‘copy-paste compromises’’ as part of the state-based actor’s ‘‘heavy use of proof-of-concept exploit code, web shells and other tools’’ to enable the attacks.
Defence Minister Linda Reynolds said companies should ‘‘patch’’ their internetfacing devices promptly to make sure any web or email servers are fully updated with the latest software and ensure they used multi-factor authentication to secure any internet access.
The government has seen an increase in threat activity in recent months in a trend that has overlapped with Australia’s tensions with the Chinese government over an investigation into the source of the Covid-19 virus in the Chinese city of Wuhan.
Federal Parliament revealed in February last year that malware had made its way into the parliamentary computer network via several politicians’ computers.
Sources last year said Chinese spies were the prime suspects in the unprecedented hack that may have exposed information about voters and private data of MPs ahead of the federal election. – Nine