Nation-state actors target Australia, Government warns

A state-based actor is launching cyber attacks against government, public services and businesses, Australia ‘s prime minister said.

Australia ‘s prime minister Scott Morrison said that a “state-based actor” is targeting government, public services, and businesses.

Warning Australians of “specific risks” and an increased frequency of attacks, The Australian government is working on “specific risks” related to a significant increase in the number of targeted cyber attacks against sensitive institutions and organizations in almost any industry, Morrison told an organised press conference

“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” he said.

Morrison highlighted that the attackers have been orchestrated by a sophisticated nation-state actor, but did not attribute it to a specific foreign state.

The economical disputes between Australia and China are related to multiple topics, including maritime claims and the use of technologies from Chinese state-backed companies.

At least one expert told ABC there was an increased in cyber espionage activity attempting to steal material related to COVID-19. In April, the Australian Signals Directorate (ASD) announced it will employ its offensive cyber capabilities against threat actors behind COVID19-themed attacks.

Australia enraged China by calling for an investigation into the origins of the Covid-19 pandemic by accusing China of engaging in economic “coercion”.

In April, China told Australia at the World Trade Organization that restriction imposed by the Australian government on Chinese 5G telecoms technology was “obviously discriminative” and appeared to break global trade rules.

“The Australian Cyber Security Centre’s (ACSC) advisory about the attack described so-called copy-paste compromises that could be addressed by running software updates and other typical security measures.” reported the Australian broadcaster ABC.

“Government sources have told the ABC that China is likely behind the sustained cyber attack.”

Don’t forget that Australia is a member of the Five Eyes intelligence alliance, along with the US, the UK, Canada, and New Zealand, which makes the country a rich target for nation-state actors.

In early 2019, hackers penetrated the computer network of Australian Parliament and stole data from the computers of several elected officials.

The attack took place on January 31, 2019, when the Australian security agencies discovered the intrusion and monitored it for a week before shutting down the network in the attempt of hunting the threat actors. 

According to the Australian Broadcasting Corp, hackers accessed “non-sensitive” data stolen belonging to two senators and a small number of lower house members.

At the time of the attack, the security staff at the Parliament notified the incident to the users, as a precautionary measure the experts shut down the Parliament’s IT system in order to reset user’s password.

The Australian government did not provide further details about the hack, it is only known that a malware infected some computers after users visited a legitimate external website that was previously compromised.

Personnel and users at the Parliament were not temporarily blocked from accessing personal email accounts like Gmail.

Australia disclosed the attacks in February, at the time experts speculated the involvement of a nation-date actor without attributing the attacks to a specific threat actor.

In September 2019, Australia’s intelligence announced it has evidence that the attacks that hit its parliament and political parties were orchestrated by China. Anyway, the Australian government decided to not publicly accuse it to preserve trade relations with Beijing.

Reuters cited five sources within the Australian intelligence that attributed the attacks on its national parliament and three largest political parties before the general election in May to China-linked hackers.

Beijing always denied any involvement in the attacks.

Experts say attribution is often difficult, time-consuming and, if made public, could escalate tensions further.

Morrison notified the leader of the opposition and state leaders of the malicious cyber activity against the country but did not provide technical details of malicious campaigns.

Australia’s prime minister is urging organizations and operators of critical infrastructure to increase the level of security of their infrastructure and to remain vigilant.

“They are not new risks, but they are specific risks,” he said.

“We encourage organisations, particularly those in the health, critical infrastructure and essential services to take expert advice and to implement technical defences,”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, 5G)

[adrotate banner=”5″]

[adrotate banner=”13″]